Pete Watson
Cyber threats are the number one concern for the Top 100 UK law firms, according to PwC’s Law Firms’ Survey 2024, with concern increasing from the previous year’s study. 90% of respondents from the Top 100 were either extremely or somewhat concerned that cyber will impact future growth ambitions over the next two years (up from 85% in 2023).
The report also found that cyber security expenditure is increasing significantly among the Top 50 firms but not in the Top 50-100 category, which reported a slight reduction.
The concern among firms is resounding. However, in terms of practice, there appears to be a widening gap between the very top firms and others.
This is a worrying trend, which can only end badly for firms failing to keep up with the pace of evolving defence mechanisms. But what are the top firms investing in to protect their growth ambitions?
Atlas Cloud performed the industry’s largest cyber security audit earlier this year – assessing over 5,000 UK firms. As Atlas Cloud’s CEO, I’m well-placed to answer that question.
Keeping up with the Jones’
Forward-thinking firms in 2024 are shunning traditional antivirus (or AV) solutions on devices in favour of Endpoint Detection and Response (EDR).
They’re doing this to mitigate a significant threat window that attackers have. AV is limited to finding known threats stored on devices during periodic scans (around once per week). That means AV can only mitigate threats that have been previously successful and can only find them based on the scan schedule. That gives attackers a big window to execute an attack without being noticed.
EDR mitigates this risk, reducing that window from weeks to almost instantaneous.
The AV-superseding technology works in real time across your entire network to flag anomalies of any kind. To put it another way, AV looks for files of a specific pattern, known to have caused an exploit; EDR looks for changes across the network and flags them for assessment. It means threats don’t have to be known before they can be flagged, and that finding threats isn’t limited to a weekly scan schedule plus threats don’t just have to be stored on a device to be found.
In a world where file storage is now predominantly cloud-based, that last point is crucial. AV can’t do anything about files stored in OneDrive or SaaS until a user tries to access it with their device.
EDR requires an IT team to investigate alerts; but with AI-powered triage already prevalent, it’s not erroneous or costly.
Has your firm considered ditching AV yet?