London-headquartered disaster recovery specialists DataBarracks says that 80% of its significant recoveries in 2016 involved helping clients including law firms to recover from cyberattacks.
Speaking to Legal IT Insider about the year ahead (see 2017: The year in focus), Peter Groucutt, DataBarracks managing director said: “Five years ago, all we did was help law firms deal with disasters arising from fire, flood, and human error, as well as things like hardware failure, but that has changed dramatically. Last year, over 80% of significant recoveries and events we helped clients with revolved around cyberattacks such as malware or a crypto virus, and so we normally have one or two big recoveries going on for clients that have been subject to an attack.
“In 2017, we’re expecting that to get worse – it’s certainly not going to get better. Mass crime is going on line – a lot more organised criminals are getting involved in cyberattacks. It’s profitable globally, relatively easy to do, and hard to detect, so why not diversify your criminal activities with cybercrime? Cybercrime is becoming more sophisticated and targeted. Spear phishing is becoming a lot more prevalent and that is one key area where we’re expecting to get worse.”
Around 40% of DataBarracks clients are law firms. Of the attacks, the majority involved ransomware, which encrypts a user’s files and demands money to unlock them. While ransomware can be introduced in a number of ways, in almost all major incidents handled by DataBarracks, email was the route cause.
Groucutt said: “Out of the cases we dealt with last year, pretty much all were to do with email. Email can be anything from a simple: ‘Here is your Amazon delivery – you’ve won this!’ to ‘You’ve been caught on camera, here is the photographic evidence.’ People think: ‘That’s not me!’ and click on it and that’s it. Then you get the ransom screen and the damage is already done.”
Whereas cyberattacks on organisations would once often have taken a scattergun approach, they are becoming far more sophisticated and targeted. “We see almost exclusively email attacks and often through senior leaders,” Groucutt says. “It is more efficient to send one email specifically targeting a senior partner saying: ‘Dear John, I saw you speaking last month at a conference and I’ve taken the liberty of sending you this link.’ And they think ‘I did speak there, I’m going to click.’ Because they are senior, they’ve got far-ranging access, so the amount of damage is far greater than if they were admin staff.”
Law firms engaged in M&A, or deals involving market sensitive information are particularly at risk. “As criminals become more mature and they find new ways of using a combination of spear phishing, whaling and social engineering, people will become more vulnerable,” Groucutt said. “People will become better at spotting the fake emails, but that assumes the criminals will be standing still. In fact, they will become much more efficient and effective at hiding the malware and getting people to click on the links or fall for their scam.”
The law firm culture means that lawyers receive many emails from unknown sources and expect to work quickly, making attacks harder to guard against. However, echoing the findings of our drafting habits research conducted in association with LexisNexis, Groucutt adds: “Often what techies struggle with in law firms is trying to persuade lawyers to adopt any kind of common practice.”
However, law firms are also refusing to publicly acknowledge the problem with one leading legal tech supplier commenting: “If you ask most law firms privately whether they have been subject to an attack, they’ll say yes. Ask if it was ransomware, they’ll say yes. And in many cases, ask if they paid it, they’ll say yes.