Cyber trends and threats for the legal sector


The legal sector in the UK is large and diverse. In early 2023, it was reported that there are over 32,000 organisations in the industry, with a combined revenue exceeding £43 billion and employing more than 320,000 people.

With such a significant presence, law firms and legal professionals are prime targets for cybercriminals. The expectation of trust and confidentiality from clients, combined with legal and professional obligations, makes cyber security a critical priority for this sector.

In this article, we will explore the latest cyber trends and threats facing the legal sector, highlighting real-world examples and essential strategies to defend against cyber risks.

The importance of cyber security in the legal sector

Clients expect law firms to uphold the highest standards of trust and confidentiality in protecting their sensitive information and assets.

Beyond this expectation, law firms also have a legal and professional duty to safeguard clients, as outlined in the SRA Code of Conduct, the Bar Standards Handbook, and the Legal Services Act 2007.

A cyber attack could expose confidential client information and result in non-compliance with these regulatory requirements if the correct measures are not in place. Therefore, it is essential that firms implement and maintain robust cyber security measures to protect information.

Failure to do so could have severe consequences, including data breaches, financial losses, fines, legal action, reputational damage, the loss of client trust and potentially lead to sanctions or disqualification from practice.

Why is the legal sector a target?

The legal sector is often a target for cybercriminals for several reasons. These include:

  • Holding sensitive and confidential information

Law firms manage large volumes of highly sensitive and confidential client data, making them attractive to cybercriminals seeking financial gain or strategic leverage.

  • Ransomware risks

Disruption to your firm’s ability to operate can be costly, both in terms of lost billable hours and costs to your clients. This makes the legal sector a prime target for ransomware, as firms are more likely to pay to regain access to their data.

  • Time-sensitive transactions

Legal firms handle large, time-sensitive transactions, making them more susceptible to phishing and Business Email Compromise (BEC) attacks. The pressure to act quickly can lead to human error, increasing the risk of falling victim to these cyber threats.

  • Smaller firms and supply chain risks

Many smaller firms lack the resources to implement strong cyber security measures, increasing their vulnerability. As smaller firms often outsource their IT, an attack on a shared supplier could impact multiple firms in one go.

  • Reputational damage

Cybercriminals often exploit firms’ reputational concerns, using extortion tactics to pressure law firms into compliance.

The most common types of attack

Based on the diverse make-up of the UK law sector and how firms operate, the most common attacks your firm may face are:

Business Email Compromise (BEC)

BEC attacks target financial transactions and payments, either by gaining access to genuine email accounts or by using spoofed domains that differ only slightly from the real one (e.g. a misspelling). They are most often used to intercept or divert financial transactions and payments.

A notable example is the Crimson Kingsnake BEC gang, which emerged in 2022, impersonating major law firms to issue fraudulent invoices. They aimed to intercept and divert funds by setting up hundreds of domains very similar to those of large law firms and sending out widespread emails chasing payment of false invoices.

They used legal language along with a sense of threat and urgency to pressure the recipient into taking immediate action.

How can you defend against these attacks?

  • Ensure you have implemented email authentication (SPF, DKIM and DMARC).
  • Add a report-phishing button to your email system to enable fast reporting.
  • Activate MFA (multi-factor authentication).
  • Conduct regular phishing simulation training for all employees.
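As an added illustration of the "small difference" spoofed domains described above (example code written for this article, not part of Net Defence's services or the original post), the following Python check screens inbound sender addresses against a list of trusted correspondent domains, catching both single-character edits and common visual substitutions. The trusted list, the substitution table and the distance threshold are constructed assumptions to be tuned for your own firm.

```python
"""Flag sender domains that are near-misses of domains the firm trusts."""
import re

# Constructed list of domains the firm legitimately corresponds with (assumption).
TRUSTED_DOMAINS = {"examplelaw.co.uk", "clientbank.com"}

# Visual substitutions commonly seen in lookalike registrations (assumption).
HOMOGLYPHS = {"rn": "m", "vv": "w", "0": "o", "1": "l", "3": "e", "5": "s"}


def normalise(domain: str) -> str:
    """Lower-case the domain and collapse look-alike character sequences."""
    d = domain.lower().strip()
    for src, dst in HOMOGLYPHS.items():
        d = d.replace(src, dst)
    return d


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: number of single-character edits between a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(address: str) -> str:
    """Extract the ASCII domain from 'Name <user@domain>' or 'user@domain'."""
    m = re.search(r"@([A-Za-z0-9.-]+)>?\s*$", address)
    return m.group(1).lower() if m else ""


def classify(address: str, trusted=TRUSTED_DOMAINS, max_dist: int = 2) -> str:
    """Return 'trusted', 'lookalike:<domain>', 'unknown' or 'invalid'."""
    dom = sender_domain(address)
    if not dom:
        return "invalid"            # no usable domain (or non-ASCII/IDN; not handled here)
    if dom in trusted:
        return "trusted"
    ndom = normalise(dom)
    for t in trusted:
        nt = normalise(t)
        if ndom == nt or edit_distance(ndom, nt) <= max_dist:
            return f"lookalike:{t}"  # near-miss of a trusted domain: hold for review
    return "unknown"


if __name__ == "__main__":
    # Constructed sample senders, as a mail gateway rule or mailbox scan might see them.
    for addr in ["Jane <jane@examplelaw.co.uk>", "accounts@exarnplelaw.co.uk",
                 "finance@examplelaws.co.uk", "payments@clientbank.c0m"]:
        print(f"{addr:35} -> {classify(addr)}")
```

The threshold of two edits suits domain names of this length; shorten it for very short trusted domains to avoid false positives.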

Ransomware

Ransomware is a well-known type of attack, widely reported in the news and depicted on TV and cinema screens. The attacker encrypts your data and systems and demands that you pay a ransom to regain access.

We are also seeing cybercriminals blackmailing victims, threatening to publish sensitive data online unless a ransom is paid.

Despite recommendations from the NCSC and UK law enforcement not to pay, the 2023 UK State of the Phish report found:

  • 63% of organisations said they had paid a ransom.
  • 34% said they got all the data back after payment.
  • 46% paid more than one ransom.
  • 17% said they paid and got nothing back after paying the ransom.

The NCSC and ICO are encouraging law firms to be open about these attacks and seek their support. These organisations are here to help you to recover from a cyber attack, assist with investigation and legal action against attackers, and provide you with guidance in preventing future attacks.

An example of this is a case from 2020, when Tuckers Solicitors fell victim to a ransomware attack. The attackers gained access to 60 court case bundles, later publishing them on the dark web. They also encrypted nearly one million files, including the firm’s backup, leaving it with no recovery options.

The root cause of this attack was unpatched systems that left the firm vulnerable to an easily preventable attack, along with the absence of two-factor authentication (2FA). As a result, the ICO fined them nearly £100,000.

How can you defend against these attacks?

  • Ensure your data is backed up and stored away from your operational infrastructure, so that an attacker who compromises your systems cannot reach it.
  • Test backup recovery regularly.
  • Implement 2FA and patch management.

Phishing

Phishing remains one of the most common cyber threats. This type of attack involves cybercriminals using psychological manipulation to get the victim to reveal specific information or perform an action for an illegitimate purpose, allowing them to completely bypass security and technical controls.

Cybercriminals will typically send mass emails to trick recipients into revealing sensitive information, such as passwords or banking details, or to directly deploy cyber threats like ransomware.

In recent years, they have expanded their tactics to include ‘smishing’ using text messages and WhatsApp and ‘vishing’, where voice calls are used to deceive victims into sharing confidential information.

Statistics shared by the Law Society show that mortgage-related fraud increased by 32.8% over the period August 22nd to Sept 23rd.

One example of this type of scam in the legal sector involved a solicitor who was found guilty of failing to prevent a ‘Friday afternoon’ cyber fraud, resulting in £290,000 being transferred to cybercriminals.

The solicitor was fined £10,000 and ordered to pay an additional £16,000 in costs. The scam was carried out through phishing and a spoofed email address, tricking the solicitor into transferring the funds without taking additional verification steps.

How do you defend against these attacks?

  • Implement phishing simulation testing to educate employees and help them to identify phishing emails.
  • Encourage easy reporting mechanisms for suspicious emails.
  • Foster a no-blame culture to encourage transparency. If an employee fears repercussions, they are unlikely to report it.

Insider action / threat

Not all threats come from outside your organisation. There are two types of insider threat: human error and malicious intent.

An ICO report covering Q3 2022 to Q2 2023 revealed that 60% of data breaches were due to insider actions, primarily human error, while only 40% resulted from external threats. During this period, the data of 4.2 million people was compromised. Almost half of the cases (49%) impacted customers and 13% impacted employees.

One example of malicious insider action occurred in 2015 when a disgruntled Morrisons employee, who had faced disciplinary action, leaked payroll data for around 100,000 past and present employees. He was later sentenced to eight years in prison.

Although the supermarket was initially held responsible, Morrisons spent five years arguing that the leak was a personal vendetta by the ex-employee and that the company should not be held vicariously liable. In 2020, the UK Supreme Court overturned the original ruling, clearing Morrisons of any responsibility.

Had Morrisons been found liable, this would have opened the door to compensation claims from the 100,000 employees.

How can you defend against these attacks?

  • Limit access to your data on a least-privilege, need-to-know basis.
  • Implement time-restricted access for sensitive information.
  • Promote a zero-blame culture to encourage incident reporting.

Supply chain

In 2023, the 10th annual State of the Phish report shared that 67% of UK organisations had been subject to a targeted attack through their supply chain.

Once inside your supply chain, an attack can take many forms, including service interruption, data theft, or use of the supplier as a stepping stone to access your systems and infrastructure directly or to launch a further cyber attack.

An example from the legal sector is the cyber attack on the IT managed service provider (MSP) CTS, which impacted 80 law firms, including several conveyancing firms. The attack disrupted their operations, with some firms unable to function at all.

The fallout from the attack lasted for several weeks, significantly affecting the operations of the affected law firms.

How can you defend against these attacks?

  • Rank your suppliers based on the criticality of the service they provide before allowing them access to your systems and data.
  • Integrate cyber security into your contract process.
  • Set clear cyber security requirements (ensure they are justified and achievable).
  • Complete due diligence before onboarding new suppliers.
  • Request evidence of cyber security measures.
  • Perform regular reviews. Risks evolve, and so should your security practices.

These cyber threats, along with high client expectations and strict regulatory requirements, demonstrate exactly why law firms must prioritise cyber security.

As mentioned throughout this article, implementing best practices such as employee training, email security, regular system updates, and third-party risk assessments is essential to safeguarding sensitive legal data.

Another effective way to enhance your firm’s cyber resilience is by obtaining industry-recognised certifications such as Cyber Essentials.

How Net Defence can help

At Net Defence, we specialise in providing tailored cyber resilience solutions for law firms, including Cyber Essentials accreditations, phishing simulations, and IT security consultancy.

By partnering with us, you can strengthen your firm’s cyber defences, protect client data, and ensure compliance with regulatory requirements.

If you’re looking to protect your employees, clients, and reputation with strong and reliable cyber security solutions, contact us today to learn more about our services.


About the author
Before joining Net-Defence, I worked for the multinational consumer goods corporation Procter & Gamble (P&G), gaining over 19 years of finance and IT experience that I have brought with me to my current role. From 2018 onwards, I have worked for Net-Defence, and in 2020 stepped into the role of Managing Director, building a team of...