How hackers infiltrate firms
Ransomware and spear phishing are the latest in sophisticated cyberattacks targeted at law firms, writes Nick Lennon.
Law firms are the perfect target for hackers and arguably the most vulnerable. As keepers of individuals' and organisations' most sensitive, and often most valuable, data, law firms are a primary target for hackers. Why? The ransom figure for this type of information is extraordinary, and a breach gives lawyers little option but to pay the ransom to regain control of their business. A security breach is one of the last things a lawyer wants to disclose to a client.
In 2015, one in four law firms had fallen victim to a security breach and one in three businesses had been the target of a ransomware attack. How, you ask? Your email is a vault of shared information from clients and privileged parties, and email is the open door for many hackers. A successful attack on a firm's email system puts its most sensitive details at the hackers' fingertips.
Attackers can compromise a firm’s email systems in a number of ways. One way is to disrupt business as usual and impede targeted law firms’ communications. A recent Galaxy Research survey of IT managers across a range of industries put the financial losses from email outages at anywhere from thousands of dollars to hundreds of thousands of dollars.
Yet the damage caused by disruption pales beside the damage that email can cause as a vehicle for more sophisticated and nefarious attacks. Viruses and other malware can disrupt law firms’ administration and billing systems, steal data and force technology administrators to spend valuable time and resources detecting and removing them. Unsurprisingly, the Galaxy Research survey found that nearly all IT managers across all industries were aware of the threats posed by viruses, malware and outages.
While legal firms and other businesses can recover from a ransomware attack by restoring systems and files from backups, firms may suffer from lost productivity and reputational damage. Law firm Cavill Leitch recently experienced an incursion from the Cryptolocker ransomware and had to restore from a clean incremental data backup from earlier in the day.
Managing partner Julian Clarke was quoted as saying: “It is still a frightening prospect and we are speaking out . . . to encourage others who might be less well prepared to be aware of the risk."
Spear phishing is another security threat that faces more than half of legal firms, and the legal profession is the top target for these kinds of attacks. A fake email, crafted to look genuine and sent to a targeted group of people, tricks recipients into revealing information or downloading malware. Global intellectual property consultancy Rouse & Co. was among firms targeted by an increased number of spear phishing emails.
Manager Matthew Blewett acknowledged the concern: “Our users began reporting even more potentially threatening emails to the IT department – they wanted to be sure that clicking on the supplied link wouldn’t be dangerous, either by downloading some malware or by asking for credit card or other personal log-in details."
These trends are gaining strength at the same time as many law firms and businesses consider adopting cloud-based email services. International cloud services also remain important for legal and technical reasons. The Galaxy survey revealed that about three-quarters of businesses considered it important that business and customer data be hosted within Australia, primarily for legal and compliance reasons. Nearly the same share rated application performance and latency as reasons for onshore hosting.
With client pressures and scrutiny on the rise, and increased demands for proof that sensitive data is protected, law firms need to act to defend against the inevitable breach. So what can law firms do? Using traditional security approaches to mitigate the threat of email-borne attacks is no easy task for law firms. Businesses need to combat both the social engineering and technical elements of these threats. On the social engineering side, this means helping educate partners, employees, contractors and customers not to click on links in emails that appear to be legitimate.
The technical element may be even harder to address as traditional anti-spam and anti-virus solutions may not recognise threats presented by links in the body of a fake email. While web proxies may pick up malicious links, they cannot protect all of the devices that employees and clients use to connect to the web. In addition, malicious emails are increasingly being crafted to be indistinguishable from messages sent by legitimate organisations.
The answer lies in multi-layered, cloud-based security systems hosted in Australian data centres that protect against traditional and advanced threats before they reach the network. By adopting a ‘zero trust’ approach that treats every email as possibly malicious and checks links ahead of users clicking on them, a business can thwart the intentions of criminals.
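As an added illustration of the pre-click link checking described above (example code written for this article, not Mimecast's product or any code from the original piece), the snippet below extracts the links from an HTML email body, flags the classic phishing tell of visible text naming one domain while the href points at another, and rewrites every link through a hypothetical checking gateway so the destination is inspected when the user clicks rather than trusted at delivery. The gateway address and the sample message are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse, quote

# Hypothetical link-checking gateway; a real deployment would use its own.
GATEWAY = "https://linkcheck.example.invalid/scan?u="


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from every <a> tag in the body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(value):
    """Lower-cased host of a URL or bare domain ('' if none)."""
    parsed = urlparse(value if "://" in value else "http://" + value)
    return (parsed.hostname or "").lower()


def analyse(html):
    """Return one record per link: mismatch flag plus gateway-rewritten URL."""
    parser = LinkExtractor()
    parser.feed(html)
    report = []
    for href, text in parser.links:
        # Heuristic: visible text that looks like a domain but differs from
        # the real destination host is a strong phishing indicator.
        looks_like_url = " " not in text and "." in text.strip(".")
        mismatch = looks_like_url and host_of(text) != host_of(href)
        report.append({"href": href, "text": text, "mismatch": mismatch,
                       "rewritten": GATEWAY + quote(href, safe="")})
    return report


SAMPLE = (  # constructed phishing-style body, not a real message
    '<p>Please review the invoice at '
    '<a href="http://billing-portal.example.net/login">www.bank.example.com</a>'
    ' or contact <a href="https://www.bank.example.com/help">our help desk</a>.</p>'
)

if __name__ == "__main__":
    for record in analyse(SAMPLE):
        print(record)
```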
Nick Lennon is the country manager of cloud provider Mimecast Australia