*/
Risk managing ransomware threats: a Quorum Cyber briefing for barristers. By Mike Pini
Among the various types of cyber security threats that every organisation dreads today, ransomware attacks arguably pose the most serious challenge to the legal sector. As their techniques have become more sophisticated, financially motivated cybercriminals have become bolder and more confident.
The nature of cybercrime means it’s fluid and evolves at a rapid pace. However, while cyber security might seem very technical, at Quorum Cyber we see it simply as risk management. Like any risk, it needs to be managed properly and proportionately to the potential consequences.
Our purpose is to help organisations steadily reduce their risk over time, and in a way that fits their budget and their risk appetite. We believe that when people work together and communicate clearly, they can minimise any kind of cyber threat. So, although we’re a team of cyber security and technology experts, we’re focused on providing positive results and outcomes. We already help more than 150 organisations around the world, including in the legal sector in the UK, to reduce their risks, regardless of what new threats are thrown at them.
Cybercriminals are notorious for constantly adapting their tactics, techniques and procedures (TTPs) to bypass existing defences and avoid being caught. A new approach that has quickly gained popularity in nefarious circles is the double extortion tactic. Once inside a network, the adversary will try to copy any data they want (and more) and store it elsewhere. They then encrypt the data inside the organisation’s network. This way they can demand two payments: one for not publishing the data stolen online and a second for the decryption key.
Their next move varies from criminal group to group, but they can typically demand contact and payment by a fixed deadline. They might show evidence that they have copies of your data, together with a threat to release all or part of it on a dedicated website if they aren’t paid in full. Occasionally, they might increase the ransom demand over time on a sliding scale – the longer one takes to pay, the more expensive it gets.
For some people, just the threat of having their clients’ confidential data put on display for the world to see is frightening enough – so they have promptly paid the ransom fee in full. But this has come with mixed results. While some gangs have been known to stick to their word, others take the money and publish or sell the information anyway.
Paying is not advised. It just stokes the flames, giving them more confidence and more money to invest in better tools to launch more cyber-attacks. In July this year, the UK’s National Cyber Security Centre (NCSC) and the Information Commissioner’s Office (ICO) wrote a joint letter to the Law Society and Bar Council to remind their members not to advise any of their clients to pay ransomware demands. The ICO also underlined that they would not reduce any fines just because firms had already paid a ransom.
Needless to say, double extortion can be extremely damaging to anyone’s reputation with their customers and for the legal industry as a whole.
So, how can anyone whose business depends on their professional reputation be sure they have the optimal security in place to avoid becoming another case study? Unsurprisingly, cybercriminals will almost always reach for the lowest-hanging fruit. Why target the toughest defences when there are easier places to break into? They aren’t looking for an intellectual challenge, just a way to make a quick windfall.
So, adopting good cyber hygiene is fundamental to making sure you’re on the right path to achieving cyber resilience. Certifying to the NCSC’s Cyber Essentials and Cyber Essentials PLUS will lay the foundations. And there are many more actions you can take to improve your security posture over time and within budget.
We’ve partnered with businesses of all sizes across a wide variety of industries to help them achieve their cyber security goals and regain the confidence and peace of mind to carry out their profession. As a Microsoft Solutions Partner for Security (formerly called Gold Partner) and member of the Microsoft Intelligent Security Association (MISA) we have the expertise to help you, however you like to work and whatever technology you currently use.
You can learn more about how we help organisations thrive in an increasingly hostile and unpredictable digital environment by visiting our website or reach out to us if you have any questions at info@quorumcyber.com
Among the various types of cyber security threats that every organisation dreads today, ransomware attacks arguably pose the most serious challenge to the legal sector. As their techniques have become more sophisticated, financially motivated cybercriminals have become bolder and more confident.
The nature of cybercrime means it’s fluid and evolves at a rapid pace. However, while cyber security might seem very technical, at Quorum Cyber we see it simply as risk management. Like any risk, it needs to be managed properly and proportionately to the potential consequences.
Our purpose is to help organisations steadily reduce their risk over time, and in a way that fits their budget and their risk appetite. We believe that when people work together and communicate clearly, they can minimise any kind of cyber threat. So, although we’re a team of cyber security and technology experts, we’re focused on providing positive results and outcomes. We already help more than 150 organisations around the world, including in the legal sector in the UK, to reduce their risks, regardless of what new threats are thrown at them.
Cybercriminals are notorious for constantly adapting their tactics, techniques and procedures (TTPs) to bypass existing defences and avoid being caught. A new approach that has quickly gained popularity in nefarious circles is the double extortion tactic. Once inside a network, the adversary will try to copy any data they want (and more) and store it elsewhere. They then encrypt the data inside the organisation’s network. This way they can demand two payments: one for not publishing the data stolen online and a second for the decryption key.
Their next move varies from criminal group to group, but they can typically demand contact and payment by a fixed deadline. They might show evidence that they have copies of your data, together with a threat to release all or part of it on a dedicated website if they aren’t paid in full. Occasionally, they might increase the ransom demand over time on a sliding scale – the longer one takes to pay, the more expensive it gets.
For some people, just the threat of having their clients’ confidential data put on display for the world to see is frightening enough – so they have promptly paid the ransom fee in full. But this has come with mixed results. While some gangs have been known to stick to their word, others take the money and publish or sell the information anyway.
Paying is not advised. It just stokes the flames, giving them more confidence and more money to invest in better tools to launch more cyber-attacks. In July this year, the UK’s National Cyber Security Centre (NCSC) and the Information Commissioner’s Office (ICO) wrote a joint letter to the Law Society and Bar Council to remind their members not to advise any of their clients to pay ransomware demands. The ICO also underlined that they would not reduce any fines just because firms had already paid a ransom.
Needless to say, double extortion can be extremely damaging to anyone’s reputation with their customers and for the legal industry as a whole.
So, how can anyone whose business depends on their professional reputation be sure they have the optimal security in place to avoid becoming another case study? Unsurprisingly, cybercriminals will almost always reach for the lowest-hanging fruit. Why target the toughest defences when there are easier places to break into? They aren’t looking for an intellectual challenge, just a way to make a quick windfall.
So, adopting good cyber hygiene is fundamental to making sure you’re on the right path to achieving cyber resilience. Certifying to the NCSC’s Cyber Essentials and Cyber Essentials PLUS will lay the foundations. And there are many more actions you can take to improve your security posture over time and within budget.
We’ve partnered with businesses of all sizes across a wide variety of industries to help them achieve their cyber security goals and regain the confidence and peace of mind to carry out their profession. As a Microsoft Solutions Partner for Security (formerly called Gold Partner) and member of the Microsoft Intelligent Security Association (MISA) we have the expertise to help you, however you like to work and whatever technology you currently use.
You can learn more about how we help organisations thrive in an increasingly hostile and unpredictable digital environment by visiting our website or reach out to us if you have any questions at info@quorumcyber.com
Risk managing ransomware threats: a Quorum Cyber briefing for barristers. By Mike Pini
The Bar Council faces both opportunities and challenges on our key areas this year
Girls Human Rights Festival 2025: a global gathering for change
Exclusive Q&A with Henry Dannell
Casey Randall of AlphaBiolabs discusses the benefits of Non-invasive Prenatal Paternity testing for the timely resolution of family disputes
By Louise Crush of Westgate Wealth Management
Have you considered being a barrister in the British Army? Here’s an insight into a career in Army Legal Services
Patrick Green KC talks about the landmark Post Office Group litigation and his driving principles for life and practice. Interview by Anthony Inglese CB
Sir Nicholas Mostyn, former High Court judge, on starting a hit podcast with fellow ‘Parkies’ after the shock of his diagnosis
‘Hard work and commitment can open doors. I believe that I am proof of that,’ says Senior Treasury Counsel Louise Oakley. She tells Anthony Inglese CB about her journey from Wolverhampton to the Old Bailey
What's it like being a legal trainee at the Crown Prosecution Service? Amy describes what drew her to the role, the skills required and a typical day in the life
Barbara Mills KC wants to raise the profile of the family Bar. She also wants to improve wellbeing and enhance equality, diversity and inclusion in the profession. She talks to Joshua Rozenberg KC (hon) about her plans for the year ahead
