Cyber Threats to Law Firms: Understanding the 2020 Threat Landscape
Law firms are operating in an increasingly hostile digital landscape. Cyber security is now seen by UK law firms as the second greatest challenge behind COVID-19, and it’s not hard to see why – law firms are an attractive target for cybercriminals, who seek to steal the large amounts of money and sensitive client data they hold.
The legal sector’s gradual adoption of cloud-based services has brought a great deal of commercial and operational benefits, but has also increased the attack surfaces through which cybercriminals can target them. And with many lawyers now working remotely in response to the ongoing coronavirus pandemic, cyber threats will remain prevalent – 20 percent of businesses have suffered a breach due to the actions of a remote worker since lockdown was introduced.
2020 has already seen high-profile law firms fall victim to cyber-attack – in May, it was reported that law firm to the stars Grubman Shire Meiselas & Sacks suffered a ransomware attack that caused significant damage and disruption.
In this blog we will explore cyber threats to law firms: who is attacking them, why, and how? And what steps can law firms take to protect themselves from the cyber threats they face?
The risk of cyber-attack and data breach has never been more prevalent for law firms, and the potential consequences have never been higher. In an industry where trust is everything, the cyber threat to law firms needs to be considered in the context of the reputational damage a data breach could cause. Understanding who is attacking law firms and why is the first step towards mitigating the risks threat actors present.
Like all industries, law firms face a constant threat from cybercriminals.
Law firms hold valuable intellectual property, which can be targeted by insider threats.
In 2020, ransomware is one of the most popular cyber-attack methods that cybercriminals use to target law firms. In a typical ransomware attack, hackers penetrate a target organisation’s network, often by sending individuals in the organisation a phishing email that contains malware, or sometimes by exploiting a vulnerability in the organisation’s network. (A phishing email is a fraudulent email sent by cybercriminals that mimics a legitimate communication from a trusted source, designed to steal information or deliver malware payloads.)
The malware enters the network, and the attackers conduct reconnaissance and further activity to gain the access they need to execute the ransomware. Once this is done, the target organisation’s network is encrypted and effectively unusable until either a ransom is paid or the organisation reverts to backups to bring the network back online.
Last year’s Norsk Hydro attack, in which operations at the large aluminium manufacturer ground to a halt when cybercriminals launched a successful ransomware attack on the firm, demonstrated the massive financial and operational impact ransomware can have on businesses, as the firm suffered millions of pounds in lost revenue and several months of operational turmoil. However, a relatively new trend for double-extortion ransomware attacks introduces a significant reputational threat to businesses, too.
Double extortion became a prominent tactic from late 2019 onwards, as a further way for attackers to make money. In a double-extortion ransomware attack, the attackers threaten to leak stolen data onto the internet. The intention is to shame target organisations into paying a ransom, even if the appropriate backups are in place to mitigate a traditional ransomware attack.
Many double-extortion ransomware attacks lead to sensitive data being publicised on social media. In mid-2020, there has been a growing trend for cybercriminals and security researchers to publish screenshots of the stolen data. This means that the first public indication that an organisation has been hit by ransomware will often be stolen sensitive information appearing on social media.
The cyber threat to law firms is real, and it’s getting worse. Cybercriminals are actively targeting UK law firms with phishing emails and double-extortion ransomware attacks, and will continue to do so as long as they remain a successful (and lucrative) attack method. In order to protect your law firm, you need to understand the risks you face. By understanding these risks, you can take steps to address them.
Six Degrees is a trusted cyber security partner to prominent law firms throughout the UK and beyond. We understand the cyber threat to law firms, and we regularly advise our legal clients on the hostile digital landscape in which they operate.
Our whitepaper, Cyber Security for Law Firms, provides an overview of high-profile incidents that have taken place in the past twelve to eighteen months, types of cyber-attack, information on hackers and some examples of how regulatory bodies are focussing on the threat of cyber-attacks.
You can download our new Cyber Intelligence Report that covers the latest trends in ransomware attacks against the legal and accountancy sectors for free here. We’ve also created a handy infographic that provides the information you need to protect your law firm from ransomware attacks.
If you’d like support in enhancing your law firm’s cyber security posture, schedule a call by visiting https://hub.6dg.co.uk/legal-call