*/
Risk managing ransomware threats: a Quorum Cyber briefing for barristers. By Mike Pini
Among the various types of cyber security threats that every organisation dreads today, ransomware attacks arguably pose the most serious challenge to the legal sector. As their techniques have become more sophisticated, financially motivated cybercriminals have become bolder and more confident.
The nature of cybercrime means it’s fluid and evolves at a rapid pace. However, while cyber security might seem very technical, at Quorum Cyber we see it simply as risk management. Like any risk, it needs to be managed properly and proportionately to the potential consequences.
Our purpose is to help organisations steadily reduce their risk over time, and in a way that fits their budget and their risk appetite. We believe that when people work together and communicate clearly, they can minimise any kind of cyber threat. So, although we’re a team of cyber security and technology experts, we’re focused on providing positive results and outcomes. We already help more than 150 organisations around the world, including in the legal sector in the UK, to reduce their risks, regardless of what new threats are thrown at them.
Cybercriminals are notorious for constantly adapting their tactics, techniques and procedures (TTPs) to bypass existing defences and avoid being caught. A new approach that has quickly gained popularity in nefarious circles is the double extortion tactic. Once inside a network, the adversary will try to copy any data they want (and more) and store it elsewhere. They then encrypt the data inside the organisation’s network. This way they can demand two payments: one for not publishing the data stolen online and a second for the decryption key.
Their next move varies from criminal group to group, but they can typically demand contact and payment by a fixed deadline. They might show evidence that they have copies of your data, together with a threat to release all or part of it on a dedicated website if they aren’t paid in full. Occasionally, they might increase the ransom demand over time on a sliding scale – the longer one takes to pay, the more expensive it gets.
For some people, just the threat of having their clients’ confidential data put on display for the world to see is frightening enough – so they have promptly paid the ransom fee in full. But this has come with mixed results. While some gangs have been known to stick to their word, others take the money and publish or sell the information anyway.
Paying is not advised. It just stokes the flames, giving them more confidence and more money to invest in better tools to launch more cyber-attacks. In July this year, the UK’s National Cyber Security Centre (NCSC) and the Information Commissioner’s Office (ICO) wrote a joint letter to the Law Society and Bar Council to remind their members not to advise any of their clients to pay ransomware demands. The ICO also underlined that they would not reduce any fines just because firms had already paid a ransom.
Needless to say, double extortion can be extremely damaging to anyone’s reputation with their customers and for the legal industry as a whole.
So, how can anyone whose business depends on their professional reputation be sure they have the optimal security in place to avoid becoming another case study? Unsurprisingly, cybercriminals will almost always reach for the lowest-hanging fruit. Why target the toughest defences when there are easier places to break into? They aren’t looking for an intellectual challenge, just a way to make a quick windfall.
So, adopting good cyber hygiene is fundamental to making sure you’re on the right path to achieving cyber resilience. Certifying to the NCSC’s Cyber Essentials and Cyber Essentials PLUS will lay the foundations. And there are many more actions you can take to improve your security posture over time and within budget.
We’ve partnered with businesses of all sizes across a wide variety of industries to help them achieve their cyber security goals and regain the confidence and peace of mind to carry out their profession. As a Microsoft Solutions Partner for Security (formerly called Gold Partner) and member of the Microsoft Intelligent Security Association (MISA) we have the expertise to help you, however you like to work and whatever technology you currently use.
You can learn more about how we help organisations thrive in an increasingly hostile and unpredictable digital environment by visiting our website or reach out to us if you have any questions at info@quorumcyber.com
Among the various types of cyber security threats that every organisation dreads today, ransomware attacks arguably pose the most serious challenge to the legal sector. As their techniques have become more sophisticated, financially motivated cybercriminals have become bolder and more confident.
The nature of cybercrime means it’s fluid and evolves at a rapid pace. However, while cyber security might seem very technical, at Quorum Cyber we see it simply as risk management. Like any risk, it needs to be managed properly and proportionately to the potential consequences.
Our purpose is to help organisations steadily reduce their risk over time, and in a way that fits their budget and their risk appetite. We believe that when people work together and communicate clearly, they can minimise any kind of cyber threat. So, although we’re a team of cyber security and technology experts, we’re focused on providing positive results and outcomes. We already help more than 150 organisations around the world, including in the legal sector in the UK, to reduce their risks, regardless of what new threats are thrown at them.
Cybercriminals are notorious for constantly adapting their tactics, techniques and procedures (TTPs) to bypass existing defences and avoid being caught. A new approach that has quickly gained popularity in nefarious circles is the double extortion tactic. Once inside a network, the adversary will try to copy any data they want (and more) and store it elsewhere. They then encrypt the data inside the organisation’s network. This way they can demand two payments: one for not publishing the data stolen online and a second for the decryption key.
Their next move varies from criminal group to group, but they can typically demand contact and payment by a fixed deadline. They might show evidence that they have copies of your data, together with a threat to release all or part of it on a dedicated website if they aren’t paid in full. Occasionally, they might increase the ransom demand over time on a sliding scale – the longer one takes to pay, the more expensive it gets.
For some people, just the threat of having their clients’ confidential data put on display for the world to see is frightening enough – so they have promptly paid the ransom fee in full. But this has come with mixed results. While some gangs have been known to stick to their word, others take the money and publish or sell the information anyway.
Paying is not advised. It just stokes the flames, giving them more confidence and more money to invest in better tools to launch more cyber-attacks. In July this year, the UK’s National Cyber Security Centre (NCSC) and the Information Commissioner’s Office (ICO) wrote a joint letter to the Law Society and Bar Council to remind their members not to advise any of their clients to pay ransomware demands. The ICO also underlined that they would not reduce any fines just because firms had already paid a ransom.
Needless to say, double extortion can be extremely damaging to anyone’s reputation with their customers and for the legal industry as a whole.
So, how can anyone whose business depends on their professional reputation be sure they have the optimal security in place to avoid becoming another case study? Unsurprisingly, cybercriminals will almost always reach for the lowest-hanging fruit. Why target the toughest defences when there are easier places to break into? They aren’t looking for an intellectual challenge, just a way to make a quick windfall.
So, adopting good cyber hygiene is fundamental to making sure you’re on the right path to achieving cyber resilience. Certifying to the NCSC’s Cyber Essentials and Cyber Essentials PLUS will lay the foundations. And there are many more actions you can take to improve your security posture over time and within budget.
We’ve partnered with businesses of all sizes across a wide variety of industries to help them achieve their cyber security goals and regain the confidence and peace of mind to carry out their profession. As a Microsoft Solutions Partner for Security (formerly called Gold Partner) and member of the Microsoft Intelligent Security Association (MISA) we have the expertise to help you, however you like to work and whatever technology you currently use.
You can learn more about how we help organisations thrive in an increasingly hostile and unpredictable digital environment by visiting our website or reach out to us if you have any questions at info@quorumcyber.com
Risk managing ransomware threats: a Quorum Cyber briefing for barristers. By Mike Pini
Sam Townend KC explains the Bar Council’s efforts towards ensuring a bright future for the profession
Giovanni D’Avola explores the issue of over-citation of unreported cases and the ‘added value’ elements of a law report
Louise Crush explores the key points and opportunities for tax efficiency
Westgate Wealth Management Ltd is a Partner Practice of FTSE 100 company St. James’s Place – one of the top UK Wealth Management firms. We offer a holistic service of distinct quality, integrity, and excellence with the aim to build a professional and valuable relationship with our clients, helping to provide them with security now, prosperity in the future and the highest standard of service in all of our dealings.
Is now the time to review your financial position, having reached a career milestone? asks Louise Crush
If you were to host a dinner party with 10 guests, and you asked them to explain what financial planning is and how it differs to financial advice, you’d receive 10 different answers. The variety of answers highlights the ongoing need to clarify and promote the value of financial planning.
Most of us like to think we would risk our career in order to meet our ethical obligations, so why have so many lawyers failed to hold the line? asks Flora Page
If your current practice environment is bringing you down, seek a new one. However daunting the change, it will be worth it, says Anon Barrister
Creating advocacy opportunities for juniors is now the expectation but not always easy to put into effect. Tom Mitcheson KC distils developing best practice from the Patents Court initiative already bearing fruit
National courts are now running the bulk of the world’s war crimes cases and corporate prosecutions are part of this growing trend, reports Chris Stephen
Let’s hear it for the assessors, says Dame Anne Rafferty of the KC Selection Panel. And to make silk assessors’ lives a little easier when applicants come calling in May, Dame Anne fields some commonly asked questions