Securing legal endpoints: NCSC’s strategies against cyber risks – blog by CTS
In an age where digital transformation has revolutionised various industries, the legal sector finds itself both benefiting from technological advancements and grappling with new vulnerabilities.
The surge towards remote work, prompted by the global COVID-19 pandemic, brought increased efficiency but also posed challenges in maintaining secure practices and client confidentiality.
With the shift to remote work, cyber threats have surged twofold, as reported by Reuters. Cybercriminals exploited the uncertainty of the pandemic era, using tactics like phishing and malware attacks to exploit vulnerabilities and compromise data.
In essence, the legal sector stands at an intersection of innovation and vulnerability. As it continues its journey into the digital age, the sector must be equipped not only to harness the advantages of technology but also to navigate the ever-evolving threat landscape.
The National Cyber Security Centre’s (NCSC) recently published “Cyber Threat Report: UK Legal Sector (2023)” sheds light on the evolving cyber threats faced by legal practices, highlighting the need for robust cybersecurity measures and offering the latest advice to help firms stay secure against common attacks.
The current threat landscape
The NCSC report identifies a variety of cyber threats that have targeted the UK legal sector in 2023. These threats encompass a broad range of tactics, techniques, and procedures employed by malicious actors seeking to exploit vulnerabilities and gain unauthorised access to sensitive data. Among the threats outlined in the report are:
- Phishing
Phishing emails, camouflaged amidst the flood of everyday correspondence, persist as the foremost cyber threat haunting law firms. With a staggering 320 billion daily emails in 2021—a number projected to escalate to 375 billion by 2025— it is no surprise that cyber criminals are using this format to conduct their attacks, reaching millions of users every day.
One of the most popular strategies the NCSC highlights are threat actors who monitor LinkedIn to track new starters at law firms and pose as them to send a fraudulent email to the firm’s HR department. Typically, they will make a fraudulent request to modify the payroll account details, with the aim of siphoning off salary payments.
- Ransomware
Ransomware, a form of malicious software (malware), is designed to block access to your computer or the data stored within it. During a ransomware attack, your data is usually either encrypted (rendering it unusable) or, in some cases, stolen. What’s more concerning is that attackers might threaten to expose your sensitive information online, which poses great risk to the legal sector, which handles highly confidential data.
Typically, ransomware attacks are accompanied by a ransom note demanding payment to unlock the encrypted data, with payments frequently demanded in the form of cryptocurrency for anonymity.
The NCSC advises businesses to be transparent about ransomware attacks by seeking assistance and openly communicating with both the NCSC and the Information Commissioner’s Office (ICO). This collaborative approach not only benefits your firm but also contributes to enhancing the overall threat landscape for everyone.
- Password attacks
Safeguarding data, systems, and services demands thorough protection. Equally crucial is comprehending who or what requires access and the circumstances governing it. A robust identity and access management strategy will make it difficult for cybercriminals to pose as legitimate users, all while ensuring streamlined access for authorised individuals across your firm.
The main identity and access threats to law firms are:
– Reused Credentials: Using the same passwords for multiple sites can expose work accounts if the password is revealed, like in data breaches.
– Weak Passwords: Easily guessed passwords are vulnerable to quick attacks, risking unauthorised access to law firm systems.
– Excessive Permissions: Failing to limit account access lets attackers use compromised accounts to reach sensitive data and critical systems.
– Open Access: Misconfigured cloud systems can leave data accessible to anyone, as attackers scan for these vulnerabilities.
– MFA Absence: Without multi-factor authentication (MFA), using only a password as the primary barrier, attackers are presented with a vulnerable entry point into systems.
Defending beyond the perimeter
Given the highly sensitive nature of the legal sector’s operations, involving confidential client data and legal records, ensuring robust endpoint security is of paramount importance to fend off cyber threats.
It’s worth highlighting that a significant 70% of successful breaches originate from endpoint devices, the usual suspects being laptops, mobile phones, and desktops. With the prevalence of remote work, these devices are now extensively used beyond the secure office network, creating vulnerabilities in cybersecurity defences, leaving legal firms remarkably exposed to potential attacks.
Breaches that originate from these vulnerable endpoints can swiftly propagate throughout a firm’s entire network, resulting in compromised systems, unauthorised access, and data leaks.
Compounding this situation, numerous firms are transitioning from Citrix-based systems to laptop-centric models. This shift alters how security management is handled on these devices, necessitating comprehensive cybersecurity frameworks to ensure the safeguarding of both the firms and their sensitive data.
And this is where endpoint management comes into play.
To delve deeper into this critical topic, we invite you to participate in our upcoming webinar, “Safeguarding Your Legal Practice: A Non-Technical Guide to Endpoint Protection”. During this session, you’ll gain insights into CTS’ Managed Endpoint for Law service, which is specifically designed to provide tailored protection for law firms against a multitude of cybersecurity threats, including phishing, malware, password attacks, and more.
Don’t miss this opportunity to register and empower your firm with proactive measures to outpace potential attackers. Take charge in shielding your firm’s invaluable assets and stay ahead in the realm of cybersecurity. Join us and elevate your firm’s security posture.
