Law firms are a lucrative target for all types of cybercrime—and it’s no wonder why. From personally identifiable information (PII) and intellectual property (IP) to business transactions, the legal industry processes unmatched volumes of valuable, confidential data.
Unfortunately, the cybersecurity at most law firms isn’t cutting it. Research from the American Bar Association (ABA) found that over a quarter of surveyed attorneys have experienced a security breach. A single incident can instantly damage client relationships and devalue years of hard work—especially if sensitive data gets compromised.
The emergence of underground cybercrime markets has compounded this problem. Cybercrime-as-a-service offers sophisticated threat actors the opportunity to sell cyberattack tools and services, such as exploit kits and phishing-as-a-service, to more novice attackers and other willing buyers. Bad actors now have an alternative to the technical knowledge necessary to carry out their attacks.
Recent technological advancements, such as artificial intelligence (AI), have also made it easier than ever for threat actors to develop more tailored, convincing, and effective phishing attacks.
Read on to discover seven major industry threats and how to improve your law firm's cybersecurity.
1. Credential theft
Last year, 49% of data breaches involved the use of stolen credentials, making this a major risk to firms. It often starts with a malicious email designed to trick partners, lawyers, or staff into sharing login information.
If successful, the cybercriminal may sell the credentials or move further into the IT network to compromise sensitive documents and client data, edit or delete contracts, reset passwords, or cause other damage. And, since the attacker is using a legitimate account, it can be hard to detect something is wrong until it’s too late.
If an attorney, administrator, or even third-party consultant reuses the same credentials for different portals, this type of attack can quickly spin out of control. Using a password manager to create, store, and retrieve unique passwords for every account (and following cybersecurity best practices) is a quick way to reduce the impact of credential theft.
2. Financial redirection
Financial redirection occurs when an attacker intercepts payment between you and your clients. After gaining access to your email—often through credential theft—they may lay low and study activity to learn your billing process, business relationships, and payment schedule.
For example, right before you’d typically issue invoices, an attacker may email clients from your account asking them to redirect payment to a new location. Because the request appears to be coming from you, a trusted professional, they’ll likely assume this is a legitimate update.
Once the payment goes through, the attacker closes the bank account, erases evidence of any presence, and walks away with the client's money. Unfortunately, a single financial redirection attack can cause irreparable damage to a firm’s finances and reputation.
3. Ransomware attacks
Ransomware, a form of malware that encrypts important files and information, may begin with a malicious email or website download. Or the cybercriminal might exploit a vulnerability, such as an outdated operating system, to gain entry and launch the malware.
In the past, victims would receive a note demanding payment in exchange for data back. But today’s attackers often take a new approach. Rather than lock or delete your files, they’ll make copies and threaten to publish them.
Both outcomes can be devastating. Since most lawyers bill by the hour, losing access to critical case files will cause immediate financial damage. And, because you work with confidential information daily, publicly exposing it could crush client trust and potentially lead to a lawsuit.
Cybercriminals targeted six law firms between January and February 2023 with the GootLoader and SocGholish malware. They used two tactics: sending fake legal agreements and secretly adding malware-hosting fraudulent blog posts to vulnerable WordPress sites that lawyers often visit.
Once lawyers downloaded these fake programs, the malware could upload other ransomware and secondary malware that gained further access into the firms' networks.
Backing up data in the cloud is an important precautionary step—but it’s not a guarantee. What’s worse, paying the ransom also doesn’t mean you’ll get your assets back. The attacker may still delete or publish files after receiving their money.
4. Nation-state attacks
The nature of their work means lawyers often hold national secrets, intellectual property, or other private data. This makes the legal industry a unique target for nation-state attacks launched by foreign governments (or, similarly, state-sponsored attacks carried out by cybercriminal groups).
Earlier this year, the Russian-linked ransomware group ALPHV/Blackcat hacked Australia's largest legal partnership, HWL Ebsworth, stealing 3.6 TB worth of client data, including from 65 government agencies and departments. The group later published 1.1 TB of this data online, which comprised nearly $140 million of value.
Your practice may be particularly vulnerable if you have information that helps the attackers’ mandate or gives the companies in that country a leg up on their competition. Unlike amateur hackers, these groups can be extremely skilled and persistent. Following best practices and having strong cybersecurity is necessary to defend against them.
5. Supply chain attacks
Supply chain attacks comprise any cyberattack in which a threat actor targets a weak link in your supply chain to gain access to your network or data. These attacks exploit the basic sense of trust that exists in the relationships between companies and their vendors, service providers, and other suppliers.
Client information from US law firm Quinn Emanuel Urquhart & Sullivan was recently leaked during a ransomware attack on the firm's third-party data center for document management.
Supply chain attacks such as these are increasingly common. Because supply chains have expanded to many more distribution points now, there are many more openings in law firms for cyberattacks. Even small to medium-sized firms have a lot of vulnerable suppliers you may not consider, including:
- Finance, billing, and payments platforms
- Heating, ventilation, and air conditioning
- Janitorial and cleaning systems
Be certain that the third-party vendors and suppliers you partner with take cybersecurity as seriously as you do.
6. Password attacks
Despite the ubiquitous warnings against simple passwords, Cybernews reports that most people still use passwords that are easy to guess. The top five most common are:
People have many online accounts today, and they find it easier to remember them all by using simple passwords or the same ones across all their accounts—sometimes both. This makes it easy for cybercriminals to gain access to your systems by brute-force password guessing.
Some core identity and access threats to law firms include:
- Offering account permissions to data and services that aren't relevant to employees' roles, allowing attackers to access more sensitive data and other critical systems through compromised accounts
- Providing more open access with improperly configured cloud systems, making data sources accessible to anyone
- Not using multi-factor authentication (MFA) to add an extra authentication step that makes it harder for cyber attackers to access your systems, even with valid account credentials
Implementing MFA for all logins and using password managers that generate and store unique complex passwords mitigate the risk of a password attack.
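The three identity and access gaps listed above can be checked mechanically against an account inventory. The following is an added example, not code from the article or from any product it mentions; the role baseline, permission names, accounts, and cloud resources are all constructed for illustration.

```python
from dataclasses import dataclass

# Constructed baseline (assumption): the permissions each role actually needs.
ROLE_BASELINE = {
    "attorney": {"dms:read", "dms:write", "billing:read"},
    "paralegal": {"dms:read", "dms:write"},
    "billing_clerk": {"billing:read", "billing:write"},
    "consultant": {"dms:read"},
}

@dataclass
class Account:
    user: str
    role: str
    permissions: set
    mfa_enabled: bool

@dataclass
class CloudResource:
    name: str
    allowed_principals: set  # "*" means anyone can reach it

def audit_accounts(accounts, baseline=ROLE_BASELINE):
    """Flag permissions beyond the role's baseline and logins without MFA."""
    findings = []
    for acct in accounts:
        # Unknown roles get an empty baseline, so every permission is flagged.
        excess = acct.permissions - baseline.get(acct.role, set())
        if excess:
            findings.append((acct.user, "excess-permissions", ",".join(sorted(excess))))
        if not acct.mfa_enabled:
            findings.append((acct.user, "mfa-disabled", ""))
    return findings

def audit_resources(resources):
    """Flag cloud data sources that are accessible to anyone."""
    return [(r.name, "public-access", "*") for r in resources
            if "*" in r.allowed_principals]

# Constructed sample inventory.
SAMPLE_ACCOUNTS = [
    Account("asmith", "attorney", {"dms:read", "dms:write", "billing:read"}, True),
    Account("bjones", "paralegal",
            {"dms:read", "dms:write", "billing:write", "admin:reset_password"}, True),
    Account("vendor-it", "consultant", {"dms:read"}, False),
    Account("cdoe", "billing_clerk", {"billing:read", "billing:write", "dms:read"}, False),
]
SAMPLE_RESOURCES = [
    CloudResource("client-matter-archive", {"group:attorneys"}),
    CloudResource("discovery-exports", {"*"}),
]

if __name__ == "__main__":
    for finding in audit_accounts(SAMPLE_ACCOUNTS) + audit_resources(SAMPLE_RESOURCES):
        print(finding)
```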
7. Insider threats
Cybersecurity tends to focus on external threats, like financially motivated hackers or state-sponsored ransomware groups. However, intentionally or not, the threat may also come from within.
74% of organizations report that insider attacks have become more common, according to a 2023 Cybersecurity Insiders study. 74% also say they are at least moderately vulnerable to these threats. Over half the organizations faced an insider threat in the last year, and 8% had more than 20.
The potential damage has also increased. A 2022 Ponemon Institute study found that the time taken to contain an insider threat has risen from 77 days to 85 days, increasing organizations' containment costs. When incidents took over 90 days to contain, companies faced a cost of $17.19 million annually.
Insider threats are especially hard to stop because there is no way to tell someone's intentions when they access sensitive information they have permission to access. This is why organizations are moving towards zero-trust models, including the US Department of Defense, which has announced its roadmap to adopting a zero-trust strategy by 2027.
The three keys to this approach are:
- Continuously verifying access to all resources
- Proactively minimizing impact in case an external or insider breach occurs
- Automating context collection from the entire IT stack to offer the most accurate response
Why law firms need cybersecurity
Attack frequency, size, and scope are increasing
Years ago, law firm cyberattacks were simplistic, infrequent, and rarely front-page news. For the most part, cybercriminals were acting alone, hacking into systems for fun or notoriety.
But they’ve quickly evolved. In 2023 alone, we saw breaches at many well-known practices, including Proskauer Rose, Kirkland & Ellis, and K&L Gates.
Attackers are organized, with more skill and speed than ever. It’s no longer just Fortune 500 companies at risk; it’s everyone—including law offices.
Your reputation depends on it
Trust is everything in the legal industry. Experiencing a cybersecurity incident will damage the reputation and integrity of your firm.
Clients may ask questions about your firm's cybersecurity approach; prospects may research your history of breaches. A single breach may push them and existing clients to search elsewhere for representation.
The highest-profile and highest-paying clients place the most importance on their information staying private. Gaps in defense could cripple your hard-built reputation, making the difference between winning lucrative contracts and losing out on major opportunities.
You may have a legal obligation
Cybersecurity regulations for law firms are heating up. There are a growing number of state and federal laws governing data privacy, including:
- The General Data Protection Regulation (GDPR)
- The Personal Information Protection and Electronic Documents Act (PIPEDA)
- The California Consumer Privacy Act (CCPA)
Failure to comply poses a serious risk. Your practice could face lost business, six-figure fines, and even prosecution. Beyond legal compliance, you may be ethically obligated to improve your defence.
Hybrid work environments are at greater risk
The new working norm is a hybrid workplace—combining in-office and at-home workers. This business model allowed operations to continue through the pandemic despite strict health measures but also introduced new remote working cyber risks and threats.
Now that confidential client information is spread widely across a distributed, virtual environment, there’s more pressure than ever to implement a strong, end-to-end defense.
Protect what matters most
Cyber insurance is not enough. Traditional cybersecurity measures typically aren’t either. New attacks constantly arise, targeting vulnerabilities you may not have been aware of.
You need a holistic approach to your law firm's cybersecurity that offers a full view of your entire IT environment—networks, cloud services, devices, remote users—to protect your teams, clients, and data. But this is hard to execute, and it often needs specialized skills to make sense of data and prioritize threats.
Keeping up with current cybersecurity concerns, along with all your other responsibilities, is a challenge. You've got a law firm to run, and cybersecurity may not be in your wheelhouse.
With Field Effect’s Covalence, you get a complete cybersecurity solution, with sophisticated technology that monitors your full IT environment and a team of experts offering 24/7 support. Let us handle your cybersecurity so you can confidently free up some time in your busy schedule.