Cyberattacks on the rise for law firms thanks to Covid-19

31 October 2021

Andrew Chilvers looks at the rise in ransomware attacks over the last two years and offers basic tips on how to protect your firm.

When global law firm DLA Piper was targeted by a ransomware attack in June 2017 the security breach infected its worldwide IT network of computers in a matter of moments.

During the event DLA Piper's cyber security team detected the malware immediately and acted promptly to limit the damage. Across all offices in every jurisdiction signs were posted telling staff not to turn on computers, to remove laptops from docking stations and essentially to stop work.

While the attack could ultimately cost the firm millions, the breach itself was caused by a staff member in DLA Piper's Ukraine office who innocently clicked an update on the accounting software. The update happened to be a phishing scam with malware attached, and the moment it was unleashed the now infamous 'NotPetya' virus ate up the firm's data. This quickly spread across its global network - and nothing could stop it.

DLA Piper was not the only victim of the attack; Danish shipping giant Maersk was also hit in the same attack, costing the company an estimated $378m (£275m). At the time IT managers literally ran through the company's offices pulling computer plugs out of walls to head off the attack - to no avail.

In 2017, as a result of NotPetya, DLA Piper's employees were unable to service their global client base and 15,000 hours of overtime had to be paid to IT staff to staunch the attack. The breach also resulted in a dispute with the firm's insurer, Hiscox, which said it would not pay out damages, illustrating how cyber security is becoming a problematic grey area when it comes to insurance cover.

As well as the obvious costs, the reputational damage to law firms, particularly those as big as DLA Piper, can be catastrophic. Nevertheless, the firm was able to use the breach as an example of how ransomware attacks can be contained by implementing compliant processes and employing quick-thinking IT security staff.

With the 2017 breach behind the firm, a DLA Piper report published earlier this year highlighted the increasing number of fines being given to companies across Europe that fail to comply with GDPR. Ross McKean, Chair of DLA Piper's UK Data Protection & Security Group, said: 'Fines and breach notifications continue their double-digit annual growth and European regulators have shown their willingness to use their enforcement powers. They have also adopted some extremely strict interpretations of GDPR, setting the scene for heated legal battles in the years ahead.'

The rise in ransomware attacks

Ransomware attacks have risen significantly during the Covid-19 pandemic. From schools and healthcare centres to local high street recruitment agencies and law firms, cyberattacks have caused irreparable damage, cost and harm to organisations and the people that work in them.

Law firms and IPs, in particular, are increasingly targets for cyber criminals simply because the data they hold is valuable and often highly sensitive. An average team of commercial legal advisors could be handling litigation, mergers and acquisitions, corporate finance or corporate tax issues for clients every day. Criminal and family lawyers are probably also vulnerable given the personal data that they handle.

In June this year, the law firm Gateley also announced that it had a small portion of data stolen in a cyberattack. As with DLA Piper, Gateley acted quickly on discovering the breach and, in a statement to the stock exchange, the firm said the impacted data was 'traced quickly and deleted from the location to which it had been downloaded and there is no evidence to suggest that this data has been further disseminated'.

ICAEW warning

Earlier this year, the ICAEW issued a warning about the significant increase in cyberattacks on UK accounting firms. Meanwhile, US security firm BlueVoyant reported that 15% of a random sample of thousands of global law firms showed signs of compromised networks - and that every firm involved in the study had been the target of some form of cyberattack.

Breaches or ransom demands can cause huge financial losses for firms. According to a report by security firm Crowdstrike, the average ransomware payout in the US is now more than $1m.

In 2018, Ciaran Martin, the chief executive officer of the National Cyber Security Centre, issued a warning to law firms regarding their cyber security: 'Like all businesses, law firms are increasingly reliant on IT and technology and are falling victim to a range of malicious cyber activity. Losing access to this technology, having funds stolen or suffering a data breach through a cyberattack can be devastating, both financially and reputationally, not only for the firm but also their clients. The NCSC is not just here to look after the IT systems of UK government. We are committed to supporting the legal sector and we encourage you all to implement the guidance outlined in (our) report.' The report is available online here.

The perils of remote working

Many experts believe the rise in cyberattacks on law firms is directly linked with the increase in legal advisors working from home during the pandemic. According to the Solicitors Regulation Authority (SRA), there was a 300% increase in phishing attacks in the first two months of lockdown in 2020. For the first half of 2020, cybercrime cost UK law firms an estimated £2.5m, three times more than in the same period of 2019.

One of the biggest concerns is the number of law firm employees working from home on devices less secure than those on the office network, according to the SRA. A typical example of what the organisation is now seeing from the legal sector is phishing attacks - similar to the one which hit DLA Piper. As soon as an unwary employee clicks on an attachment in such an email, it sends emails to the partners' connections requesting information or access.

The SRA's Risk Outlook report of 2020 noted a 300% increase in phishing scams during the first two months of lockdown and warned of similar spikes being likely as Covid vaccines were being distributed. Paul Philip, the SRA chief executive, said at the time: 'The Covid-19 pandemic has presented real challenges for all of us and how we work. While it will take some time for the implications to be fully understood, it is already clear that the pandemic has also exacerbated many of the wider, day-to-day risks faced by law firms and their clients.'

Firms are advised to have procedures for dealing with cyber risks and know when to report incidents to the Information Commissioner's Office and SRA. Reports of successful attacks should be made even if the firm or its insurers has already repaid any financial losses.

So, what else should firms do?

Cyber threats can be prevented - but will never be eliminated

It is impossible to be threat free, but if staff are not properly trained in recognising scams, cybercriminals will easily breach a firm's security defences. MK Palmore, an information security executive at the FBI, said it most succinctly: 'You have to be right every time. [Cybercriminals] only have to be right once.'

Timely response and transparency

DLA Piper is a good example of a law firm that informed the Information Commissioner's Office the moment the attack happened and began its response to mitigate the breach within moments. It is a good example of a firm that dealt with the problem almost as soon as it happened - and that will go some way to reinforcing the firm's reputation for cyber security expertise.

Being prepared for an attack

A 2018 report by US security firm LogicForce looked at 200 US law firms and found that all those surveyed had been subject to cyberattacks. While only 40% of these attacks were successful, 40% of those that were breached were unaware of it, revealing that a typical law firm is not protected enough and that threat detection is too weak.

Off-site data storage, cybersecurity education and proper detection in a response plan

Backing up data in the cloud or in an off-site data centre will minimise a firm's downtime during and after an attack. Likewise, employees need to be educated to ensure they back up all data to the cloud or the off-site server.
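An off-site backup only shortens downtime if the copy can actually be restored, and ransomware that has been quietly encrypting files before it announces itself will happily ride into the next backup cycle. The script below is an added example written for this article (it is not DLA Piper's, the SRA's or any vendor's tooling): it records a SHA-256 manifest of a backup tree and later compares the tree against that manifest, so that existing files whose contents have changed or gone missing are caught before a snapshot is allowed to overwrite the good off-site copy. It assumes the backup is plain files on disk and that the manifest itself is stored somewhere the backup process cannot rewrite (for example a write-once bucket); the file names, the `is_safe_to_promote` policy and the "encrypted file plus ransom note" scenario in `run_demo` are all constructed for illustration.

```python
"""Backup integrity manifest (added example; constructed scenario).

build_manifest()  - hash every file under a backup root
verify_manifest() - report files changed, missing or added since the manifest
is_safe_to_promote() - policy: refuse to overwrite the off-site copy when
                       existing files were altered or removed
"""
import hashlib
import json
import tempfile
from pathlib import Path


def _sha256(path: Path) -> str:
    # Stream in 1 MiB chunks so large matter files do not have to fit in memory.
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root) -> dict:
    """Map each file path (relative to root, POSIX separators) to its SHA-256."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): _sha256(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_manifest(root, manifest: dict) -> dict:
    """Compare the tree under root with a previously recorded manifest.

    Returns {'changed': [...], 'missing': [...], 'added': [...]}; all three
    empty means the backup is byte-identical to what was recorded.
    """
    current = build_manifest(root)
    return {
        "changed": sorted(k for k in manifest if k in current and current[k] != manifest[k]),
        "missing": sorted(k for k in manifest if k not in current),
        "added": sorted(k for k in current if k not in manifest),
    }


def is_safe_to_promote(report: dict, allow_added: bool = True) -> bool:
    """Hypothetical promotion policy: new files are normal for a growing matter
    file, but altered or vanished existing files are the ransomware signature."""
    if report["changed"] or report["missing"]:
        return False
    return allow_added or not report["added"]


def save_manifest(manifest: dict, path) -> None:
    # Keep this somewhere the backup job cannot write, otherwise an attacker
    # who can alter the backup can simply re-record it as "good".
    Path(path).write_text(json.dumps(manifest, indent=2, sort_keys=True))


def load_manifest(path) -> dict:
    return json.loads(Path(path).read_text())


def run_demo() -> tuple:
    """Constructed scenario: record two client files, then simulate ransomware
    overwriting one and dropping a ransom note. Returns (report, safe)."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "matters").mkdir()
        (root / "matters" / "contract.docx").write_bytes(b"draft share purchase agreement")
        (root / "matters" / "notes.txt").write_bytes(b"call with counsel 9am")
        manifest = build_manifest(root)
        save_manifest(manifest, root / "manifest.json")  # in reality: off-box

        # Simulated encryption of one file and a dropped ransom note.
        (root / "matters" / "contract.docx").write_bytes(b"\x00\xff garbage")
        (root / "README_DECRYPT.txt").write_bytes(b"constructed ransom note")

        report = verify_manifest(root, load_manifest(root / "manifest.json"))
        # manifest.json itself shows up as 'added' only because the demo keeps
        # it inside the tree; a real deployment stores it elsewhere.
        return report, is_safe_to_promote(report)


if __name__ == "__main__":
    report, safe = run_demo()
    print(report)
    print("safe to promote:", safe)
</test>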

Access, file sharing and pen testing

Law firms should set up protocols for transferring files to and from clients, opposing counsel and regulators. They should limit access to client files inside the law firm by granting access only to certain people. Annual training should take place for all staff on cybersecurity issues. Periodic testing including penetration testing should take place for vulnerabilities.

Ransomware insurance and liability

Firms should find out whether their insurance reimburses the cost of ransomware payouts and, if so, how much. Law firms have additional considerations: the data that lawyers retain is highly sensitive and cybercriminals are well aware of this. Lawyers need to recognise the threat, understand the risks, and prioritise preventive measures that will protect them in the event of a ransomware attack.
Andrew Chilvers is head of GDPR and data protection at MAPS Solutions Europe Ltd.