UK law firms are falling victim to data breaches primarily because of insiders and human error, according to an analysis of data from the Information Commissioner's Office.
NetDocuments examined data from the ICO covering Q3 2022 to Q2 2023 and found that 60% of data breaches in the UK legal sector were the result of insider actions; the rest were from external actors.
In total, NetDocuments found that data from legal firms relating to 4.2 million people was compromised during the period analyzed.
Almost half of the cases impacted customers and 13% impacted employees.
Sharing data with the wrong person occurred in 37% of incidents. Phishing and ransomware attacks were responsible for 27% of attacks.
Although the firm has not confirmed the cause of the incident, one user on X posted a screenshot appearing to show the firm's listing on the leak site of prolific ransomware-as-a-service group LockBit.
In November 2021, the UK's largest conveyancing firm Simplify Group was the victim of a major cyber-attack that led to core business systems being taken offline.
This was reported to have cost the firm £6.8m in business.
The firm is said to have invested heavily to increase its cybersecurity resilience following the incident.
In 2023, the National Cyber Security Centre issued guidance and steps for legal firms to take to combat evolving cyber threats.
In the Cyber Threat Report: UK Legal Sector, the NCSC warned how the widespread adoption of hybrid working has increased the risks online.
It also highlighted how sensitive information and the sums of money firms often handle can make them particularly attractive targets to attackers.
This Cyber News was published on www.infosecurity-magazine.com. Publication date: Fri, 12 Jan 2024 09:30:21 +0000