CYBERSECURITY FOR LEGAL FIRMS
Confidentiality is in the DNA of law firms, whether criminal or corporate. The volume of information that law firms hold – increasingly in the cloud – is vast, and much of it is not for public consumption. Of course, this means that it is a target for cybercriminals who see opportunities to make money. Dr Keiran Fleming, CTO for the Barrister Group, says the cyberthreats to law firms are substantial and growing. “The National Cyber Security Centre has repeatedly flagged the legal sector as one of the most targeted professional services industries in the UK,” he says. “The most common attack vectors are phishing and spear-phishing – by far the most prevalent, often tailored to look like court correspondence or Bar Council communications, business email compromise, ransomware attacks targeting case management systems and supply chain attacks through less well- defended third-party vendors.” Phil Skelton, international business director, at eSentire, notes that the number of successful cyberattacks against UK law firms increased by 77% in 2024, according to the 2025 Cyber Security Breaches Surve y, with 55% of professional firms reporting cyber breaches. “Legal firms are still seeing an increase in experiencing phishing attacks, making it the most widely reported cyber incident,” he adds. “AI is making this more effective, with AI-generated phishing achieving significantly higher click- through rates than human-crafted attacks. “Also, ransomware attacks on UK law firms have also increased with the average ransom demands now exceeding £89,000, and the rise of Ransomware-as- a-Service.” Hybrid complications The growth in hybrid working continues to complicate matters for those in charge of security at legal firms. “Hybrid working has made security more complex, largely
because it removes the clear boundaries firms once relied on,” says Mike Perez, chief technology security officer at Ekco. “Legal professionals are now accessing sensitive information from a mix of locations and networks, which makes it harder to maintain consistent oversight and control. “This creates more potential entry points for attackers. Home networks and unmanaged endpoints can introduce risk that isn’t always visible to internal IT teams. At the same time, the way legal work is carried out hasn’t changed. Decisions are often time-sensitive, and access to data needs to remain seamless. “The challenge is maintaining that level of accessibility without weakening security. This is why many firms are shifting towards approaches that focus on identity and access rather than location, alongside stronger endpoint management and better visibility across their environments. “Hybrid working itself is not the issue, but it has exposed gaps in traditional security models that were built around an office-based environment. For many firms, this is accelerating the move towards externally managed security models that can provide consistent protection regardless of where work is taking place.” Chris Boland, cyber security consultant at SYTECH, adds that when employees use personal laptops or mobile devices that aren't under the firm’s MSP, the IT team loses all visibility. “For example, a solicitor might be reviewing a confidential document on a personal device that lacks critical security patches or is already compromised with malware however, without device management, there is no way to verify the health of that device before it touches sensitive case files,” he says. “Staff will often use a VPN to connect to their workplace network; however, VPNs themselves can be vulnerable and provide an opening for attackers. Having a managed vulnerability scanner
Contributors
Dr Keiran Fleming
thebarristergroup.co.uk
Phil Skelton
esentire.com
Mike Perez
www.ek.co
Chris Boland
sytech-consultants.com
CONTINUED
www.newsinthechannel.co.uk
39
Powered by FlippingBook