Quorum Cyber highlights escalating cyber threats in the UK legal sector.

The legal sector is becoming an increasingly attractive target for threat actors, with the Information Commissioner’s Office (ICO) reporting a 36% year-on-year increase in cyber-attacks on UK law firms. Ransomware attacks are also on the rise, with 58 reported against the sector in the past six months. At Quorum Cyber, we understand the vital role that information security plays in any organisation’s strategy, particularly with the evolving nature of both insider and external threats. We also understand the challenges that Chief Information Security Officers (CISOs) face as they work to protect their organisations from daily cyber-attacks.

In our continuous pursuit to gain deeper insights and help shape the future of cyber security in the legal sector, Quorum Cyber attended the ‘Securing the Law Firm’ event in London’s Park Plaza Victoria in July. This event offered an immersive look into the cyber security landscape, featuring presentations from experts in the industry including: 

• Martyn Styles (CISO, Bird & Bird – read about Bird & Bird’s journey with Quorum Cyber here) 
• Valerie Jenkins (CISO, Clyde & Co LLP)
• Stephen Beckett (Global Security and Business Continuity Director, Dentons). 

Mitigating risks with Quorum Cyber 

James Allman-Talbot, Head of Incident Response and Threat Intelligence, together with Jon Cranton, Sales Consultant from Quorum Cyber, presented an insightful overview of the cyber threats currently facing the legal sector. Their expert knowledge was invaluable in providing a deeper understanding of how to protect sensitive client information and protect against data breaches. James shared strategies on how to leverage threat intelligence effectively to mitigate specific risks.  

Our team of cyber threat experts has found that the biggest threats to law firms come from groups linked to China and Russia. These groups are likely attacking law firms to steal confidential information to ultimately help their own countries gain a competitive advantage. 

One effective way for law firms to protect themselves is by using threat intelligence. If used correctly, threat intelligence can greatly improve a firm’s security by taking a threat-led approach. It can help with many security tasks, from proactively managing risk to building a cyber security strategy.  

Find out how Quorum Cyber can help you leverage threat intelligence to improve your organisation’s cyber security posture here. 

Security strategies 

The conference kicked off with Tim Collinson, Head of Information Security at Walkers, calling out the need for a revamped security strategy and culture. Tim emphasised the importance of positioning the security team as approachable and helpful, and fostering a security-aware culture where everyone understands their role in maintaining cyber security. This approach reduces the risk of breaches and enhances the organisation’s overall cyber resilience. 

Tim also highlighted the importance of building a robust security strategy within the legal industry for several reasons: 

• Information Sensitivity: Law firms handle highly confidential client information. A breach could lead to severe reputational damage, loss of client trust, and legal penalties. 
• Regulatory Compliance: The legal industry is subject to strict data protection and privacy regulations like the General Data Protection Regulation (GDPR). Non-compliance could result in heavy fines. 
• Client Expectations: Clients entrust their most confidential information to legal firms, and any breach could lead to a loss of business. 

Managing the supply chain 

One of the highlights of the day was a panel discussion made up by Jas Bassi, Head of Solution Delivery at Gateley, Jonathan Root, Head of Information Security at Mishcon de Reya, Valerie Jenkins, CISO at Clyde & Co LLP and James Kwaan, CIO at Lloyds Banking Group. They shared insights on supply chain management, highlighting the importance of understanding its full extent and managing supplier risks. 

Understanding the full extent of your supply chain involves having a comprehensive view of every entity involved in the process. This includes direct suppliers as well as indirect ones (i.e. your suppliers’ suppliers). It’s vital to map out this chain to understand potential vulnerabilities that could impact your operations.  

They also suggested minimum security requirements for suppliers, including compliance with security standards, data protection measures, incident response plans, and cyber security training. They advised risk assessments for each supplier, considering factors like data type, location, access to systems, and criticality of their services. 

Reflections

The ‘Securing the Law Firm‘ event offered a wealth of insights.  The sessions stressed the importance of implementing an environment where cyber security is everyone’s responsibility and the critical role of risk mitigation, the need for comprehensive risk assessments and stringent security requirements for suppliers.

Quorum Cyber highlighted the increasing cyber threat landscape facing the legal sector, marked by a surge in cyber and ransomware attacks. Our team offered key insights into these threats, emphasising the need for robust data protection and effective use of threat intelligence, reinforcing Quorum Cyber’s belief in the critical role of information security in the legal sector’s strategy, particularly in the face of evolving cyber threats. 

Find out more on how Quorum Cyber protects the legal sector against cybercrime