Cyber risk – scary and real
I was a huge Doctor Who fan as a child. I’m ancient, so my favourite doctors were Jon Pertwee and Tom Baker. I loved the monsters most of all though. There were so many great villains, and while I thought the Daleks were OK, they never really felt scary. Giant pepper pots who would struggle to deal with uneven terrain or stairs.
The ones that really used to freak me out and have me cowering behind the sofa were the Cybermen. They were dead-eyed, relentless, ruthless and had seemingly infinite resources.
By this point you will be sighing and rolling your eyes at another of Holt’s shoehorning in of cultural references, and to be honest you’re right.
It’s just that we are back in the throes of terrifying cyber threat.
Three or four years ago, any conference you went to featured doom and gloom and scary stories about cyber threat. It became almost an industry joke – the method used by purveyors of solutions for all your cyber risks. The numbers quoted were horrifying – often hypothetical and often using statistics from other sectors, as information specific to legal was scarce.
But we listened, and took steps. At The Cashroom we realised the use of email made us vulnerable, so we invested in the development of our secure client communication portal. We, and others, sought certificated reassurance – we are Cyber Essentials Plus accredited. We, and others, implemented detailed training programmes to ensure our people were empowered and vigilant, and working to sensible secure processes.
And for a couple of years, the tone of the messaging around cyber threat calmed a little. Of course there were high-profile examples of issues, which kept the threat visible, but the hysteria of the messaging at conferences and in articles cooled off.
But now we know the scale of the threat
However, anyone who thought that the threat had receded is in for a shock. Because the pause in threat level was illusory… it was more a gathering of data, and now the statistics are there to show exactly the scale of the cyber threat faced by the legal sector.
I took part in a round table discussion, hosted by our friends at Xyone Cybersecurity, and attended by representatives from the police, insurance, tech and legal sectors. A fascinating discussion took place over coffee and bacon butties, but some of the statistics put us off our breakfast.
59% of UK and US companies suffered a data breach caused by a third party.
Two thirds of SMEs who suffer a breach will not survive.
90% of data intrusions start with a phishing email.
Nearly 0.5% of all emails sent globally were phishing emails.
And some stats were specific to the Legal Sector:
112% Rise in Legal Sector Data Breaches in 2 years
£11 Million of client money stolen due to cybercrime over 1 year
60% of law firms reported to have suffered information security incidents last year
Beware of the iKettle
There were some great tips, some of which were pretty obvious, but some (iKettle risk!) were a surprise:
- All your printers, copiers, even iKettles which are linked to your network need the same rigour of security and password regimes as the rest of your tech equipment or else they can be used as a route into your network.
- All your suppliers may provide a route into your systems if they don’t have rigorous procedures and protections in place. Carry out due diligence on them to check this out.
- If you’re merging with another firm, check their cyber risk levels. If they have malware already on their system it’ll infect your firm when you merge.
- Have a hard copy of your Cyber Incident Response plan, including necessary reference numbers and phone numbers – if you get shut out of your system, you may not be able to access that info!
So the analogy with the Cybermen isn’t too tenuous – they have huge resources. They are relentless and ruthless. They are… scary. It’s time to come out from behind the sofa and face the threat, because it’s real and the Mattel plastic replica of a sonic screwdriver just won’t cut it, I’m afraid.
Alex Holt, The Cashroom