What does the cyber threat landscape for law firms look like?
Guest Blog by Rob Dartnall, Cyber Intelligence Director, Security Alliance
Towards the end of last year, Security Alliance published a report entitled: The Cyber Threat Landscape for Law Firms. The overall assessment of the report is that the current cyber resilience of the legal sector does not match the severity of the threat, and further incidents similar to the magnitude of Mossack Fonseca breach will continue to occur if proactive cyber-defence strategies are not implemented.
Looking at the lay of the land, this isn’t surprising, given the tenacity with which cyber criminals are targeting the legal sector. The report highlights the following:
- The type of threat actors seeking to exploit law firms range from state-sponsored Advanced Persistent Threat (APT) groups to organised criminal gangs and cyber-criminals
- APT groups are seeking to extract market-information such as strategic trading and M&A information and are choosing to target law firms as the best route to access this information
- Cyber criminals are more commonly seeking to extort law firms, with the rising trend of ransomware attacks being of particular concern
- Law firms frequently find themselves implicated in geopolitical conflicts between two or more countries trying to assert their power over a region
- There is a lack of sharing of cyber threat intelligence between firms in the UK
I’m delivering the keynote address on this subject at the upcoming Ascertus Seminar, Cyber Threat Landscape for Law Firms on 23 February 2017. My presentation will:
- Provide insight into the multitude of cyber threats faced by the legal sector, and how threat intelligence can be used to identify, understand and mitigate some of these threats
- Outline the key tenets of threat intelligence, how it should be defined, and how it should be practically applied in an organisation
- Clarify some broad categories of threat actors, from the nation states to insiders, and explain why each category may want to target a law firm
- Highlight case studies where law firms have been targeted by cyber threat actors
- Explain how future events and trends may impact the severity of the cyber threat to law firms
- Offer next steps that explain how intelligence sharing, threat assessments and targeted security can help law firms mitigate the cyber threat
The seminar is free to attend, do come along. You’ll leave with a good understanding of the issues involved and actionable next steps for your law firm.
About Rob Dartnall
Rob is a CREST Certified Threat Intelligence Manager (CCTIM) and Cyber Intelligence Director of Security Alliance - a Bank of England certified Cyber Threat Intelligence provider under the CBEST framework. With specialist interest areas of Insider Threat and Nation State Fusion Warfare, Mr Dartnall has unique experience and insight into the threat landscape.