The legal sector and war against cyber criminals

The war against cyber criminals has been under way for many years now. In most cases we hear about the detrimental impact cyber criminality is having on law firms.

Lured in by the sensitive information and potential of lucrative profits if the scam works, law firms have been particularly susceptible to fraud.

We know that hackers steal millions each year from the legal sector; however, who is winning the war?

In short, in seems that significant damage has been taken on both sides. The 2017 PricewaterhouseCoopers 2017 survey found that 60% of law firms had reported an information security incident in 2017. This had increased from 42% in 2014. Does the 18% increase over a three year period indicate a significant rise in cyber attacks, or does it suggest that law firms are improving their ability to detect and prevent cyber fraud?

According to the Government report, The Cyber Threat to the Legal Sector 2018, a significant amount of money was stolen in 2017. The SRA reports that over £11 million of client money was stolen by cyber criminals in this twelve month period.

Similarly, cyber criminals are enjoying major benefits from phishing scams. Cyber criminals use common passwords to infiltrate a company and in some cases use readily available company information to impersonate senior members of the company to steal data and company money.

The same report highlighted a 300% increase in stolen money from phishing attacks in the first quarter of 2017. The SRA details 110 known scams against law firms in 2018.

When one NCSC industry 100 partner estimates that they receive over 11,500 phishing emails every month, across 5,000 staff, how can law firms possibly win this war?

Figures do indicate that the tide is turning, and law firms are beginning to prevent a lot more fraudulent attacks on their companies.

The HM Land Registry has successfully prevented 279 fraudulent applications being registered to them since 2009, saving an incredible property value of more than £133 million.

Companies are now creating a more cyber security savvy workforce by training staff in how to identify phishing scams and suspicious emails that could contain malware or ransomware.

Sociotechnical Security Researcher, NCSC, said: “No training package (of any type) can teach users to spot every phish. Spotting phishing emails is hard. Spotting spear phishing emails is even harder. Even our experts struggle.

“The advice given in many training packages is based on spotting standard signs like checking for poor spelling and grammar, and while these can be a good place to start, they can’t be used to spot all phishing emails. Bad guys can spell (and some nice genuine people can’t).”

Despite the increase in training and awareness, the cyber security workforce in the UK has also increased by 163% to over 58,000 people in the past year, highlighting the importance that companies now place in the prevention of cyber fraud.

As companies begin to educate their staff, collaborate with governmental organisations like the HM Land Registry, establish security measures and invest in security accreditation, the impact and success of the cyber criminal is going to reduce and the possibility of winning the war becomes more realistic.

Is your company protected from cyber criminality? Are you offered appropriate training to avoid being scammed? Should there be more protections in place?