NCSC Updates Cybersecurity Guidance for the Legal Sector

The UK’s National Cyber Security Centre (NCSC) has released updated guidance to help law firms mitigate the latest cyber-threats.

Worth an estimated £44bn ($56bn), the sector employs over 320,000 people and consists of roughly 33,000 businesses, according to the report. However, the size of these organizations and the amount of resources they dedicate to cybersecurity can vary significantly.

PwC claimed last year that the top 100 law firms spent an average of 0.46% of fee income on cybersecurity in 2022.

They are a popular target for attack for several reasons. Lawyers typically handle highly sensitive information for their clients, some of which could be used for insider trading or gaining the upper hand in negotiations and litigation, the NCSC warned.

Law firms also handle significant volumes of funds for their clients, and disruption due to ransomware can be costly. Smaller firms may also use external IT service providers, exposing them to possible supply chain attacks and making it difficult for them to assess their true level of cyber maturity.

Among the main threats to the sector highlighted by the report are:

Phishing emails designed to steal credentials or install malware
Business email compromise (BEC) aimed at tricking victims into wiring large sums of money to the attacker
Ransomware and other malware that could disrupt operations and steal sensitive information
Password attacks, which typically take advantage of poor security practices
Supply chain attacks, which smaller law firms are particularly exposed to

“It is vitally important that solicitors and law firms, whether large or small, are aware of the cyber-threats they face and take steps to safeguard their systems,” argued Law Society president, Lubna Shuja.

“This new report from NCSC is a timely intervention that will be an essential resource for our members, providing information, practical guidance, and tools to help the legal sector protect the sensitive data it holds against cyber-attack.”

NCSC Updates Cybersecurity Guidance for the Legal Sector

Phil Muncaster

You may also like

NCSC: Nation State University Attacks Could Harm UK

Hackers Steal Transfer Fees, Cripple Football Stadiums

BEC Volumes and Ransomware Costs Double in a Year

Three-Quarters of UK Schools Have Experienced a Cyber Incident

Why Cybersecurity Awareness Must be a Boardroom issue

What’s hot on Infosecurity Magazine?

How do I Repair Outlook PST File?

Over 850 Vulnerable Devices Secured Through CISA Ransomware Program

Ring to Pay Out $5.6m in Refunds After Customer Privacy Breach

How to Open and View OST Files Without Outlook

Over 700 Dark Web Ads Offer DDoS Attacks Via IoT in 2023

Nigerian 'Yahoo Boys' Behind Social Media Sextortion Surge in the US

Alarming Decline in Cybersecurity Job Postings in the US

North Korean Group Kimsuky Exploits DMARC and Web Beacons

Russian Sandworm Group Hit 20 Ukrainian Energy and Water Sites

Dependency Confusion Vulnerability Found in Apache Project

Security Leaders Braced for Daily AI-Driven Attacks by Year-End

How to Navigate the Risks of Generative AI

Incident Response: Four Key Cybersecurity Measures to Protect Your Business

Disinformation Defense: Protecting Businesses from the New Wave of AI-Powered Cyber Threats

Is MFA Enough? Strategies for Next-Level Identity Security in 2024

Navigating the Evolving Cybersecurity Compliance Landscape in 2024

Adapting to Tomorrow's Threat Landscape: AI's Role in Cybersecurity and Security Operations in 2024

Beyond Passwords: Securing the Digital Age with MFA, 2FA, and Passwordless Authentication

Infosecurity Magazine Spring Online Summit 2024: Day One

Infosecurity Magazine Spring Online Summit 2024: Day Two

Russia’s Midnight Blizzard Accesses Microsoft Source Code

I-Soon GitHub Leak: What Cyber Experts Learned About Chinese Cyber Espionage

LockBit Takedown: What You Need to Know about Operation Cronos

Women in Cybersecurity at Infosecurity Europe 2024

NCSC Updates Cybersecurity Guidance for the Legal Sector

Written by

You may also like

What’s hot on Infosecurity Magazine?