With cybercrime rates skyrocketing over the past years, it is acknowledged to be increasing at an alarming rate, targeting various sectors. In 2015, the legal sector appeared on Cisco’s annual ranking of industries targeted by hackers and for good reason.
As a sector which holds valuable and sensitive material to important individuals and organisations, criminals seek to obtain confidential client information for the purpose of financial gain or espionage, they do this through methods such as malware and other software programs.
Panama law firm, which holds over 11 million documents and reportedly establishes offshore accounts and companies for global power players, was victim of a ‘leak’. The files revealed the names of many world leaders who have established offshore tax havens.
Another reason is that law firms are seen as ‘weak links’ to exploit when seeking a client’s work. Law firms and their access to confidential materials, like a client’s patents, are therefore they are often targeted. For instance, for insider trading purposes, Russian cybercriminal “Oleras” and their gang had targeted 48 of the nation’s most prestigious law firms to steal sensitive client information.
Law practices all hold a huge amount of incredibly important and sensitive market information that hackers illegally seek to use to their advantage and for this reason, they are strongly urged to look at cybersecurity.
Despite these serious threats to the sector, law firms are behind on cybersecurity. While three quarters of employees in law firms with annual turnover above £500m are aware that they are very likely to be target of cyberattacks, research shows that respondents from the legal sector are 18% less likely to include external cyber security experts than non-lawyers in their attack contingency planning.
A large 86% of lawyers see cyber security as an issue for the senior executives, management needs to have a firm stance and clear message to employees and clients regarding preventing, detecting and responding to security breaches in information technology systems. These risks need to be addressed quickly and effectively, because it can cause irreversible reputational damage and disastrous financial losses to a firm and its clients.