In this first blog of our series on email cyber threats to law firms, we look at how an email can damage your law firm and why it is still a big threat.
A single email can destroy your firm’s reputation – and not an email you accidentally send to the wrong client. We are talking about emails sent by cyber criminals.
Law firms are well aware of the risk of malicious emails, with many having invested heavily in security and training. Yet the problem continues to get considerably worse – in Mimecast’s recent ‘state of email security’ report:
- 97% of firms questioned reported being targeted by email phishing attacks.
- 2/3 of respondents had suffered a ransomware attack.
With over 90% of cyber attacks starting with an email, it clearly remains one of the biggest cyber threats to law firms that has not been properly addressed.
Why does this remain a problem?
Law firms have long been prime targets for cyber criminals. They hold large volumes of personal, and often sensitive personal, data, they handle large financial transactions and they depend on their reputation. Together these make the legal sector a lucrative target for cyber-criminal gangs.
Of course, proactive law firms have invested significant sums on the latest artificial-intelligence-based email security, regular cyber-awareness reinforcement training for their staff – and securing their systems with multifactor authentication. So why do these attacks keep happening?
Two key challenges
- Not all law firms have invested heavily in cyber security, which means they are less well protected and less prepared to deal with an incident when it happens. Cyber criminals are skilled at identifying the weaker links, and such firms are suffering an increasing number of costly breaches.
- There is an ongoing ‘arms race’ between cyber criminals and the companies they target. Criminals constantly develop and improve their attack tools in response to the additional layers of protection that firms deploy. Many law firms make a one-off, significant investment in their cyber defences. This may make them safer at that point in time, but without a strategy to continually improve those defences and to build a ‘cyber secure culture’ in the business, the benefit of that investment soon diminishes.
How do emails lead to cyber breaches?
Essentially the types of email attack remain the same:
- Phishing (and variations including ‘whaling’, which targets senior staff): emails that try to trick the recipient into clicking a link to a fake website designed to capture passwords or financial details. These attacks have become ever more convincing and harder to spot amongst the growing number of ‘notification’ emails we receive from collaboration tools. Password theft is especially worrying because criminals have developed techniques to circumvent multifactor authentication, for example fake login pages that relay the victim’s password and one-time code to the real service and capture the resulting logged-in session – see our article here.
- Malicious attachments: Fortunately, a good email security system will reduce the likelihood of malicious attachments reaching your inbox. However, criminals are using artificial intelligence to develop malware that is becoming more difficult to detect – so you should remain vigilant.
- Social engineering: these emails contain no malware or malicious links. Instead they are crafted to make the recipient believe they are dealing with a genuine party such as a bank, a client or an IT support provider, with the aim of tricking them into disclosing valuable information (such as bank details or passwords) or making payments into criminal bank accounts. They are becoming more successful as more staff work remotely and as more information about people is available on the internet and social media for criminals to build convincing pretexts from.
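The phishing and social-engineering indicators described above can be checked mechanically before a message reaches a fee earner’s inbox. The script below is an added example, not code from this blog or from Mimecast: it parses a constructed sample email (the domains `example-law.com`, `examp1e-law.com` and `evil.test` are assumptions, not real cases) and flags a lookalike sender domain, a link whose visible text shows one domain while the href goes to another, and the firm’s domain nested inside an unrelated host.

```python
import email
import email.utils
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# The firm's own domain; an assumption for this example.
TRUSTED_DOMAINS = {"example-law.com"}

# Constructed sample messages, not real captures. The first imitates a
# collaboration-tool notification: lookalike sender domain, link text that
# shows the real domain, and an href whose host merely contains that domain.
PHISH_EMAIL = b"""From: "SharePoint Notifications" <no-reply@examp1e-law.com>
To: partner@example-law.com
Subject: A document was shared with you
Content-Type: text/html; charset="utf-8"

<html><body><p>Open it here:
<a href="http://login.example-law.com.evil.test/sso">https://example-law.com/sso</a>
</p></body></html>
"""

CLEAN_EMAIL = b"""From: "SharePoint Notifications" <no-reply@example-law.com>
To: partner@example-law.com
Subject: A document was shared with you
Content-Type: text/html; charset="utf-8"

<html><body><p>Open it here:
<a href="https://example-law.com/sso">https://example-law.com/sso</a>
</p></body></html>
"""

# Anchor text that itself looks like a URL or a bare domain name.
URL_LIKE = re.compile(r"^(?:https?://)?[\w.-]+\.[a-z]{2,}(?:[/?#].*)?$", re.I)


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url_or_domain):
    """Lower-cased hostname of a URL; bare domains are accepted too."""
    if "://" not in url_or_domain:
        url_or_domain = "http://" + url_or_domain
    return (urlparse(url_or_domain).hostname or "").lower()


def registrable(host):
    """Last two labels of a host. Good enough here; a real tool would use the Public Suffix List."""
    return ".".join(host.split(".")[-2:])


def levenshtein(a, b):
    """Edit distance, used to spot lookalike sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def analyse(raw_message):
    """Return (indicator, detail) findings for a raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []

    sender = email.utils.parseaddr(str(msg["From"]))[1]
    sender_domain = sender.rpartition("@")[2].lower()
    if sender_domain not in TRUSTED_DOMAINS:
        for trusted in TRUSTED_DOMAINS:
            if levenshtein(sender_domain, trusted) <= 2:
                findings.append(("lookalike-sender", f"{sender_domain} resembles {trusted}"))

    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return findings
    extractor = LinkExtractor()
    extractor.feed(body.get_content())
    for href, text in extractor.links:
        href_host = host_of(href)
        # Visible URL text whose registrable domain differs from the href's.
        if URL_LIKE.match(text) and registrable(host_of(text)) != registrable(href_host):
            findings.append(("link-mismatch", f"text shows {host_of(text)}, href goes to {href_host}"))
        # A trusted name buried inside a host that is not actually under it.
        for trusted in TRUSTED_DOMAINS:
            if trusted in href_host and href_host != trusted and not href_host.endswith("." + trusted):
                findings.append(("nested-trusted-domain", f"{trusted} appears inside {href_host}"))
    return findings


if __name__ == "__main__":
    for name, raw in (("phish", PHISH_EMAIL), ("clean", CLEAN_EMAIL)):
        print(name, analyse(raw))
```

Run against the phishing sample this reports all three indicators; against the clean sample it reports nothing. Checks like these are cheap to run at the mail gateway or in a mailbox rule, but they are heuristics: a criminal who registers a domain more than two edits away, or who uses only plain-text links, will not trigger them, which is why the training and culture points above still matter.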
What happens if your firm gets breached from an email?
There are a number of possible scenarios. The most worrying aspect is that breaches which start with an email typically go undetected for an average of around 200 days: for that whole period the criminals are moving through your IT systems and you have no knowledge of it. The usual outcome is data being copied out of your systems, often followed by data being encrypted and ransom demands being issued to you and possibly to your clients.
What you should do about it
For law firms to keep protecting their reputation from cyber security breaches that begin with an email, a change in culture and strategy around cyber security across the whole organisation is required.
Keep watching for our future blog where we explain how to address this. Or you can contact us to discuss your individual situation via the form below or by calling 0330 124 3599.