[ad_1]
Cybersecurity: a major risk
The National Cybersecurity Center (NCSC), part of the GCHQ, yesterday released its first report on the growing cyber threat to the legal profession
. "Nation-states will likely play an increasingly important role in cyberattacks globally, in order to gain strategic and economic advantage."
"The hacktivist community has also grown
The NCSC stated that, according to Action Fraud, in the two years prior to March 2018, 18 law firms reported hacking attempts.
"Such attacks tend to be more targeted in nature and are most likely initiated by phishing.They are often the work of more sophisticated cyber-actors such as organized crime groups and the United States. nations. "
According to the NCSC, the most significant threats to law firms are phishing, data breaches, ransomware and trade-offs – the report describes the dangers and actions companies can take. take it to fight them.
As for phishing, the Solicitors Regulation Authority has issued 110 scams against law firms up to now in 2018, but "there will probably be many others. "
He presented the case study of a" law firm of medium size having a turnover of several million pounds " , where a senior partner aired on social media iaux all the details of a business trip to Barcelona. A foreign-based gang used this information to launch a phishing attack against the company's accounts team. An account clerk received an email from an account spoofing the main partner's email address, ordering him to pay an invoice and imploring confidentiality.
Even though the firm had put in place a number of policies and procedures that systematized the payment of bills, they managed to persuade the account team to circumvent the rules, under the pretext of urgency, confidentiality and seniority.
The criminals also knew that the accounts team was committed to installing new accounting and training software on the new system. a staff member had mentioned him on Facebook. It was at that time that the criminals convinced the clerk to make an authorized payment of £ 35,000.
The section on ransomware refers to the global attack by DLA Piper that caused significant disruption for several weeks and that is to date
The attack used a new variant of the malware Petya (NotPetya) via the software update mechanism of ME Doc, a Ukrainian tax program which had been compromised to spread the malware.
The report said the attack appeared to be a ransomware attack; it was later identified as a destructive variant so that the data was encrypted.
DLA Piper used about 800 applications at a time and then went on to rebuild them. "Since the attack, the firm has launched a number of programs to strengthen business security and resilience."
With regard to cybersecurity trends, the report highlights the increasing use of artificial intelligence systems. saying: "AI can help counter future attacks, but can also be used maliciously, for example, to cheat fraud checks or create high quality phishing emails."
Ciaran Martin, CEO of NCSC, said: Law firms are increasingly dependent on information technology and, as a result, are victims of a whole series of activities. malicious cybernetics
"Loss of access to this technology, theft of funds or data breach by cyberattack." The NCSC is committed to supporting the legal sector as part of its role of making the United Kingdom Uni's the safest place to live and do business. Nline and that's why we think it's extremely important to offer the personalized advice and guidance described in this report. "
The report was created in collaboration with leading law firms working in the NCSC Industry 100 and the Law Society. Law Society President Christina Blacklaws said, "In the post-GDPR world and the online book and transaction business, it is essential that we have a shared vision and understanding of cyber threats and their impact. report as a positive step to help our members identify vulnerabilities and put in place appropriate protections and protections.
To help businesses, NCSC and its industry partners have also launched a legal industry group on the free cyberspace information sharing platform. 19659026]
[ad_2]
Source link