National Cyber Security Centre
Legal firms urged to strengthen cyber defences with latest guidance from experts
Updated report from the NCSC highlights the key threats that the UK legal sector face and how to improve their cyber security.
- UK legal sector faces range of online threats – from criminals seeking financial gain to nation states looking to steal data, new report highlights
- Due to evolving cyber landscape, the NCSC has produced a new report with latest advice to help legal firms stay secure against common attacks
- Law practices strongly urged to follow advice to protect themselves and the important data they hold
LEGAL firms have been issued with the latest guidance and steps to take to combat the evolving cyber security threats the sector faces.
The National Cyber Security Centre – which is part of GCHQ – has published its latest Cyber Threat to the Legal Sector report to highlight the potential threats to legal firms, from ransomware attacks by criminals to intellectual property theft by state actors.
The report, which updates a previous iteration from 2018, looks to help UK law practices of all sizes and types of law be more resilient to the main methods of attack.
It warns how the widespread adoption of hybrid working, accelerated during the COVID-19 pandemic, has increased the risks online and how sensitive information and the sums of money firms often handle can make them particularly attractive targets to attackers.
The report also contains case studies which emphasise the severe impacts that incidents can have; for example, conveyancing firm Simplify Group was left unable to process house moves for weeks after an attack, which is reported to have cost the company £6.8 million.
And another firm, Tuckers Solicitors LLP, had data relating to 60 court cases stolen and leaked on the dark web after it fell victim to a ransomware attack.
NCSC CEO Lindy Cameron said:
“The UK legal sector carries out essential work to uphold our society; however, we know the sensitive data legal firms handle can make them attractive targets to online attackers.
“With the cyber landscape constantly evolving, the NCSC has produced an up-to-date picture of the latest threats facing the sector, alongside advice and guidance designed to ensure the sector can stay secure.
“I urge all legal practices to follow the guidance in this report and take full advantage of the NCSC’s tools that it recommends to help increase their cyber resilience.”
The report has been produced with input from a range of industry experts and stakeholders, including the Law Society, the Bar Council, the Solicitors Regulation Authority, Action Fraud, National Crime Agency and the NCSC’s Industry 100 partners.
The Bar Council CEO Malcom Cree said:
"This new report is both welcome and important. It provides extensive advice, information, and assistance to equip the legal sector with a better understanding of the challenges we all face. The report enables us all to reflect on the many challenges and focus on building better cyber security resilience in the legal sector.”
The Law Society President Lubna Shuja said:
“It is vitally important that solicitors and law firms, whether large or small, are aware of the cyber threats they face and take steps to safeguard their systems. This new report from NCSC is a timely intervention that will be an essential resource for our members, providing information, practical guidance, and tools to help the legal sector protect the sensitive data it holds against cyber attack.”
The NCSC has a range of guidance and tools that organisations can access to improve their cyber security resilience, including the NCSC’s Active Cyber Defence (ACD) programme or the Cyber Essentials programme to secure a baseline of cyber security protections.
Also, following a successful initial first year, smaller legal aid organisations can apply for free support with securing Cyber Essentials certification through the Funded Cyber Essentials Programme.
Latest News from
National Cyber Security Centre
UK exposes attempted Russian cyber interference in politics and democratic processes08/12/2023 10:29:00
The UK condemns Russia’s sustained attempts at political interference in the UK and globally.
UK and allies expose Russian intelligence services for cyber campaign of attempted political interference07/12/2023 14:25:00
The UK and allies call out the Russian Intelligence Services for a campaign of malicious cyber activity attempting to interfere in UK politics and democratic processes
NCSC launches Cyber Incident Exercising scheme06/12/2023 15:25:00
New CIE assured providers give organisations support to create structured table-top or live-play cyber incident exercises.
UK and Republic of Korea issue warning about DPRK state-linked cyber actors attacking software supply chains23/11/2023 16:05:00
Joint advisory observes cyber actors leveraging zero-day vulnerabilities and exploits in third-party software.
NCSC warns of enduring and significant threat to UK's critical infrastructure16/11/2023 10:05:00
The NCSC's seventh Annual Review raises awareness of the increasingly unpredictable threat landscape.
UK and Singapore secure agreement against ransomware payments03/11/2023 10:22:00
Members of the CRI have signed a joint statement pledging that central government funds should not be used to pay ransoms to cyber criminals.
UK and allies support Ukraine calling out Russia's GRU for new malware campaign31/08/2023 16:15:00
Malware, dubbed Infamous Chisel, enables unauthorised access to compromised Android devices.
Categorising UK cyber incidents23/08/2023 16:20:00
Explaining the NCSC and UK law enforcement categorisation model for cyber incidents.