When law firm Gateley plc recently admitted it had suffered a cyber-security breach, it’s safe to assume the leaders of the 9,974 law firms in the UK probably asked themselves the same question: “why are law firms becoming the top target for cybercriminals?”
The cyber-attack was discovered quickly by the firm’s IT team, which ensured only a small amount of data was stolen. This data included sensitive client data and required the firm to notify its clients, while the data in question was traced and deleted from where it had been downloaded to.
Having to announce the breach publicly and risk potential reputational damage shows the outcome could have been worse. The situation highlights the double-edged problem for law firms: not only suffering an attack on their business, but one that could cause long-term damage to their survival prospects, even if no client data is stolen.
This is just one of many recent high-profile cyber-attacks on law firms. Global giant Jones Day suffered a breach and gigabytes of sensitive client data were stolen and made available to journalists, although the loss appears to be part of a larger hack on Accellion, a file-sharing service.
Of course, listed firms will have to announce any successful cyberattacks to inform stakeholders and the relevant authorities. One can only guess how many unlisted, privately owned law firms have suffered attacks in silence, potentially paying the ransom to retrieve their data.
Criminals recognising new opportunities
On June 25, Lindy Cameron, chief of the UK national cybersecurity centre, warned of a worrying new trend, ‘ransomware as a service’. Professional hackers make available ransomware variants and lists of credentials, for a one-off payment or a share of profits from successful attacks.
This new approach to cybercrime allows non-tech-savvy gangsters to get in on the wave of modern crime, buying ransomware from developers without the costs and risks of developing it themselves. This brings criminals less experienced in ransomware into the frame, ready to undertake their own attacks.
Cameron argued that more sophisticated criminals spend time conducting in-depth reconnaissance on potential targets, working to identify cybersecurity weaknesses, before launching phishing and spear-phishing attacks to gain access to networks.
They then search for not only business-critical data to encrypt and hold for ransom, but the backups that can help mitigate the damage of a ransomware attack. The chief of the UK national cybersecurity centre warned criminals , which is a chilling thought.
Criminals recognise a good target
Attacks on big law firms make the news, often because of the potential fallout if the firm undertook Government work or large corporate transactions, when sensitive data can be very valuable to criminal actors. But what is the future for smaller firms with client accounts plump for the picking?
Criminals recognise that law firms fear not only the financial loss if funds are stolen, or from buying a decryption key, but also the potential reputational damage they would suffer if a breach is made public – a motivation to meet the hackers’ demands, if ever there was one.
The big firms will attract more attacks simply due to the scale of their networks and the potential for a security hole or zero-day vulnerability being discovered. They may have the best alerting and monitoring, as well as effective defences, but the potential rewards will ensure every law firm, regardless of size, continues to be the subject of increasingly sophisticated and regular attacks.
Smaller firms, which often lack the specialist expertise to prevent a sophisticated attack, now face not only the threat from sophisticated hackers turning to easier targets, but also the growing threat posed by non-tech-savvy criminals. They are buying attack software and chancing their collective arms, hoping to get lucky – and they only need to be lucky once.
This is a snapshot of the current threat facing every internet-connected business, but law firms in particular, and perhaps explains why illume is currently engaged by a number of SME law firms to discover weaknesses in their networks before the hackers do.
Defeating the criminals in this ever-changing threat environment is hard for in-house IT teams, but calling on our experience and specialist support can make life a lot easier and safer.
So if, after reading about why law firms are becoming a top target for cybercriminals and the threat you face, you’d like to get a security assessment underway, please get in touch today and we’ll explain the simple steps you can take towards a safer future – that’s the illume promise.
If you are looking to discuss internal, external or web application penetration testing, please contact us on 02039 84 84 00.