Risk managing ransomware threats: a Quorum Cyber briefing for barristers. By Mike Pini
Among the various types of cyber security threats that every organisation dreads today, ransomware attacks arguably pose the most serious challenge to the legal sector. As their techniques have become more sophisticated, financially motivated cybercriminals have become bolder and more confident.
The nature of cybercrime means it’s fluid and evolves at a rapid pace. However, while cyber security might seem very technical, at Quorum Cyber we see it simply as risk management. Like any risk, it needs to be managed properly and proportionately to the potential consequences.
Our purpose is to help organisations steadily reduce their risk over time, and in a way that fits their budget and their risk appetite. We believe that when people work together and communicate clearly, they can minimise any kind of cyber threat. So, although we’re a team of cyber security and technology experts, we’re focused on providing positive results and outcomes. We already help more than 150 organisations around the world, including in the legal sector in the UK, to reduce their risks, regardless of what new threats are thrown at them.
Cybercriminals are notorious for constantly adapting their tactics, techniques and procedures (TTPs) to bypass existing defences and avoid being caught. A new approach that has quickly gained popularity in nefarious circles is the double extortion tactic. Once inside a network, the adversary will try to copy any data they want (and more) and store it elsewhere. They then encrypt the data inside the organisation’s network. This way they can demand two payments: one for not publishing the stolen data online and a second for the decryption key.
Their next move varies from criminal group to group, but they can typically demand contact and payment by a fixed deadline. They might show evidence that they have copies of your data, together with a threat to release all or part of it on a dedicated website if they aren’t paid in full. Occasionally, they might increase the ransom demand over time on a sliding scale – the longer one takes to pay, the more expensive it gets.
For some people, just the threat of having their clients’ confidential data put on display for the world to see is frightening enough – so they have promptly paid the ransom fee in full. But this has come with mixed results. While some gangs have been known to stick to their word, others take the money and publish or sell the information anyway.
Paying is not advised. It just stokes the flames, giving them more confidence and more money to invest in better tools to launch more cyber-attacks. In July this year, the UK’s National Cyber Security Centre (NCSC) and the Information Commissioner’s Office (ICO) wrote a joint letter to the Law Society and Bar Council to remind their members not to advise any of their clients to pay ransomware demands. The ICO also underlined that they would not reduce any fines just because firms had already paid a ransom.
Needless to say, double extortion can be extremely damaging to anyone’s reputation with their customers and for the legal industry as a whole.
So, how can anyone whose business depends on their professional reputation be sure they have the optimal security in place to avoid becoming another case study? Unsurprisingly, cybercriminals will almost always reach for the lowest-hanging fruit. Why target the toughest defences when there are easier places to break into? They aren’t looking for an intellectual challenge, just a way to make a quick windfall.
So, adopting good cyber hygiene is fundamental to making sure you’re on the right path to achieving cyber resilience. Certifying to the NCSC’s Cyber Essentials and Cyber Essentials PLUS will lay the foundations. And there are many more actions you can take to improve your security posture over time and within budget.
We’ve partnered with businesses of all sizes across a wide variety of industries to help them achieve their cyber security goals and regain the confidence and peace of mind to carry out their profession. As a Microsoft Solutions Partner for Security (formerly called Gold Partner) and member of the Microsoft Intelligent Security Association (MISA), we have the expertise to help you, however you like to work and whatever technology you currently use.
You can learn more about how we help organisations thrive in an increasingly hostile and unpredictable digital environment by visiting our website, or reach out to us at info@quorumcyber.com if you have any questions.