Legal Cyber Risk Annual Review

The Foreign Secretary’s revelations at the end of last week that Chinese cyber criminals are targeting major global corporations in a bid to steal sensitive data, highlights the cyber legal plight of 2018.

The group, known as APT 10 have been accused of acting on behalf of the Chinese Ministry of State Security to target intellectual property, commercial data and private business information from some of the world’s largest corporations.

Jeremy Hunt, UK Foreign Secretary, said: “This campaign is one of the most significant and widespread cyber intrusions against the UK and allies uncovered to date, targeting trade secrets and economies around the world.

“Our message to governments prepared to enable these activities is clear: together with our allies, we will expose your actions and take other necessary steps to ensure the rule of law is upheld.”

“It is clear that in some cases basic cyber security measures are still not being taken, and this is not acceptable.”

As the Chinese super criminals end 2018 by exploiting businesses through cyber criminality, it seems as though we have come full circle. The legal sector entered 2018 with an inherent fear of cyber crime and end the year with the same anxieties.

Reports throughout the year have consistently highlighted the increasing threat of cyber criminals and the immense damage it can cause to a legal firm.

The SRA highlighted the severe threat posed by cyber crime as cyber security was listed as a separate risk in their Risk Outlook 2018/19 report which was published in the summer.

Within the report they highlighted email modification fraud, phishing, malware, CEO fraud and identity theft as the main threats to the legal sector and a firm’s data.

In August, Research found that only 1% of the UK’s top 100 law firms have sufficient measures in place to protect against basic forms of email fraud; highlighting a need for firms to make detailed security plans to help prevent data breaches from email attacks.

Despite reports from the National Cyber Security Centre (NCSC) into the cyber threat to the UK legal sector, 32% of law firms reported being targeted by cyber fraudsters in the last year. In particular, law firms have reported significant increases in spam emails and sophisticated phishing attempts.

This equates to a 25% increase in cyber attacks compared to the figures released for 2016-2017. The Law Society had speculated that this could be due to many firms being naive to attacks in the previous year as the National Cyber Security Centre found that 60% of law firms had an information security incident in 2016-2017.

Reassuringly, 94% of the scams were squashed and prevented; 6% resulted in a data breach and a further 3% resulted in financial loss. 1% of these losses were deemed as ‘serious.’

In the wider world, the true extent of the NHS WannaCry attack was made public, BA were hacked twice, Dell suffered data breaches, Morrisons’ staff details were leaked by a disgruntled employee and even NASA and the CIA were hacked.

Although cyber criminals are becoming more sophisticated and it seems as though we are fighting a losing battle, more thought is being placed into computer hygiene and cyber security protocols, which can only be considered a positive thing.

Merry Christmas and Happy New Year to our valued readers. See you in 2019!