The latest industry news, articles and events
No business of any size can ignore the heavy media coverage of cyber security and the threats that are presented with it. The latest cyber-attacks making the headlines have typically been large consumer organisations, such as Tesco, Yahoo and Talk Talk.
However, cyber-attacks against law firms are increasing and repeatedly targeted due to the vast amounts of money, information and client data that they retain. This is a troubling realisation, considering they are inherently built upon strict confidence and trust from clients. Even taking this into account, many firms do not even know they have been compromised when a cyber-attack takes place. By the time they realise a breach has taken place, significant damage may already have been done, with most then not knowing what to do next.
The logical question to ask about the consequences of a cyber-attack is ‘what is the cost to the business’? According to Ponemon’s Cost of Data Breach Study: Global Analysis, the average consolidated total cost of a data breach in the UK is £2.37 million (a 7% increase in 2013). The study also finds that the average cost incurred for each lost or stolen record increased from £95 to £104.
For large law firms, this would be a major inconvenience, however, they are not the only ones being targeted. Smaller firms are being targeted just as much, as cyber criminals may actually see them as an easier target due to the potential lack of infrastructure to prevent and respond to a cyber-attack. A well-executed cyber-attack could threaten the core of their business from the sheer cost of the attack alone.
Regardless of whether or not a firm is specialising in a magnitude of services on an international scale, or a boutique firm huddled away in a quiet town, it is just as important that they have cyber security measures installed and their employees educated. Although many are now more than conscious of the importance of cyber security, there are still those that lack a decent understanding of what precautionary measures to take to mitigate risks (and those who are still ignorant to the threats).
When a cyber security breach takes place, one of the immediate questions asked is the cost implications to the business. This is of course not to be taken lightly, but due to the nature of the work undertaken by law firms, reputational damage needs to be taken just as seriously. Major law firms deal with vast amounts of sensitive data and are entrusted by their client’s to keep this confidential and secure. This relationship is a foundation on which the legal profession is built upon.
A potential breach of this data incurred from a cyber-attack could seriously cripple a firm’s hard built reputation within the legal industry. Something that may not be easy to recover from.
Even with preventative measures in place, breaches can still occur as cyber criminals consistently evolve their attacks. A zero-day attack is a good example of this, which refers to a security hole in software that is unknown to vendors. This is exploited by hackers before it is identified and fixed. Symantec reported that in 2015, the number of new zero-day vulnerabilities discovered more than doubled to 54, a 125% increase from the year before.
For over 14 years’, CYFOR has been providing a proven solution to identify, secure and prevent a wide range of vulnerabilities. Starting from initial consultation to identify your firm’s resilience to a cyber-attack through to being protected if an employee steals sensitive company information. A detailed report will provide all recommendations to secure your company, complemented by a guide on how to remediate those risks in the most efficient manner when faced with a data breach.
This service offering is in response to these cyber threats, as we understand that every firm relies on the confidentiality, integrity and availability of its data. Lack of security awareness results in exploitation, loss of revenue and reputational damage. Managing these risks and protecting electronic information should be an integral part of any organisation’s information security policy.
London: 0207 438 2045
Manchester: 0161 797 8123