Majority Of Businesses At Risk From Supply Chain Attacks

A leading cyber security expert has called for businesses to work far more collaboratively and transparently on their cyber security defences.

The plea from cyber security expert Nick Taylor, who likened modern online business structures to the London underground with multiple entry points, comes after it was found that around 70% of global businesses could be at risk from attacks caused by suppliers with poor cyber defence policies and practices.

The ‘Tech Vision Report’ found that just 29% of the 6,600 IT and business executives from 27 countries were aware of the cyber security being used by the suppliers and organisations they work with.

Overall, 56% felt comfortable in taking a business at their word that they had protected themselves from cyber criminality without making any formal checks. Worse still, the same number were content with trusting that their suppliers were cyber protected without even approaching or asking.

In the UK alone, only 29% of firms were vigilant enough to ensure that the people and organisations they work with were protecting their online presence.

With 25% of all global cyber attacks predicted to be attributed to supply chain attacks within the next five years, it is becoming imperative that law firms scrutinise the security processes of the people, law firms, clients and suppliers they work with.

This is a behavioural and cultural issue that legal regulators are looking to instil into the firms they work with. The updated Conveyancing Quality Scheme (CQS) requirements emphasise the increased importance that should be attributed to cyber hygiene. According to section 6.2, ‘practices must have an information management and security policy, which should be accredited against Cyber Essentials.’

Similarly, section 3.2 of Lexcel Version 6.1 insists that ‘all practices should have an information management and security policy and should be accredited against Cyber Essentials.’ The modal verb ‘should’ emphasises the importance that the Law Society and its legal practice quality mark place on this specific cyber certification.

As regulators begin to expect law firms to become proactive in their cyber security practices, becoming vigilant with the people working closely with the firm should become a business expectation written into any security policy.

Failing to proactively block the multitudinous avenues of attack when regulators are clearly signposting firms to security options will result in widespread condemnation and severe reputational damage.

Nick Taylor, cybersecurity lead for Accenture UK, said:

“Business perimeters used to be like a castle, where security teams could create thick walls to guard against attacks. But the days of doing business in this medieval way are well and truly over. Now, business structures resemble something more like the London Underground, with thousands of entry points. Threat actors are preying on the weaker links. Smaller businesses, in particular, are seen as a means of infiltrating larger organisations.”

Does your law firm have adequate cyber security protections in place? Do you ensure that the suppliers, agencies, clients and law firms you work with are protected from cyber attacks?