A recent study conducted by Atlas Cloud on over 5,000 law firms has uncovered a significant cybersecurity threat facing the legal sector in the UK. The study has revealed that passwords to work devices are being hacked and stolen, posing a serious risk to confidential information and transactions.
The research has highlighted that nearly three-quarters of UK law firms have experienced at least one employee password leaked into publicly available sources. This alarming statistic underscores the urgent need for improved cybersecurity measures within the industry.
Atlas Cloud, an IT services company, audited the cybersecurity competence of these law firms, making it the largest study of its kind in the industry. The audit focused on breached passwords, phishing protection, email hijack protection, and the overall attack profile of each firm. Additionally, the study assessed the alignment of firms with the UK Government’s Cyber Essentials program, which outlines various defense mechanisms.
Among the 5,140 firms audited, a staggering 72.2 per cent were found to have employee username and password combinations circulating on the Dark Web. The auditors discovered over a million passwords related to firms in the study, averaging around 195 password combinations per firm or 1.27 per individual. This means that for every person working in the sector, there is at least one username and password combination available for purchase by cybercriminals.
The study’s findings coincide with a recent report indicating a 77 percent increase in successful cyber-attacks against UK law firms over the past year. Cybercriminals exploit stolen username and password information to gain unauthorized access to IT systems, with the aim of extracting valuable information or intercepting transactions. In conveyancing, for instance, criminals often attempt to reroute purchase transactions away from a firm’s holding account, leaving the firm liable for any financial losses.
Pete Watson, CEO of Atlas Cloud, has advised Partners and IT Directors on the critical importance of implementing multi-factor authentication to mitigate such risks. While this additional security measure can help deter cyber threats, Watson emphasized the need for all employees to be well-versed in the tactics employed by cybercriminals to prevent breaches.
The study also identified other cybersecurity threats that firms should be aware of, such as the low implementation of DMARC, a protective measure aimed at preventing criminals from hijacking corporate domains. Additionally, the research categorized firms based on their digital attack profile and emphasized the need for firms to enhance their cybersecurity measures regardless of their size.
Despite the concerning findings, the study revealed that fewer than one in seven firms were certified as having achieved the minimum level of protective measures recommended by the Cyber Essentials program. This lack of certification could have implications for firms seeking Lexcel accreditation or engaging in public sector work.
Furthermore, the study highlighted the importance of specialized phishing protection technologies, with over half of firms employing solutions to filter out email impersonation attempts. This is crucial, as phishing remains the leading cause of breaches according to official UK statistics.
In conclusion, the study’s comprehensive analysis of cybersecurity threats facing the legal sector underscores the urgent need for firms to prioritize cybersecurity measures to protect their confidential information and clients. Implementing robust security protocols and increasing awareness among employees are essential steps in safeguarding against potential cyber threats.
Croatian 
English 
Albanian 
Serbian 