Risk managing ransomware threats: a Quorum Cyber briefing for barristers. By Mike Pini
Among the various types of cyber security threats that every organisation dreads today, ransomware attacks arguably pose the most serious challenge to the legal sector. As their techniques have become more sophisticated, financially motivated cybercriminals have become bolder and more confident.
The nature of cybercrime means it’s fluid and evolves at a rapid pace. However, while cyber security might seem very technical, at Quorum Cyber we see it simply as risk management. Like any risk, it needs to be managed properly and proportionately to the potential consequences.
Our purpose is to help organisations steadily reduce their risk over time, and in a way that fits their budget and their risk appetite. We believe that when people work together and communicate clearly, they can minimise any kind of cyber threat. So, although we’re a team of cyber security and technology experts, we’re focused on providing positive results and outcomes. We already help more than 150 organisations around the world, including in the legal sector in the UK, to reduce their risks, regardless of what new threats are thrown at them.
Cybercriminals are notorious for constantly adapting their tactics, techniques and procedures (TTPs) to bypass existing defences and avoid being caught. A new approach that has quickly gained popularity in nefarious circles is the double extortion tactic. Once inside a network, the adversary will try to copy any data they want (and more) and store it elsewhere. They then encrypt the data inside the organisation’s network. This way they can demand two payments: one for not publishing the stolen data online and a second for the decryption key.
Their next move varies from one criminal group to another, but they can typically demand contact and payment by a fixed deadline. They might show evidence that they have copies of your data, together with a threat to release all or part of it on a dedicated website if they aren’t paid in full. Occasionally, they might increase the ransom demand over time on a sliding scale – the longer one takes to pay, the more expensive it gets.
For some people, just the threat of having their clients’ confidential data put on display for the world to see is frightening enough – so they have promptly paid the ransom fee in full. But this has come with mixed results. While some gangs have been known to stick to their word, others take the money and publish or sell the information anyway.
Paying is not advised. It just stokes the flames, giving them more confidence and more money to invest in better tools to launch more cyber-attacks. In July this year, the UK’s National Cyber Security Centre (NCSC) and the Information Commissioner’s Office (ICO) wrote a joint letter to the Law Society and Bar Council to remind their members not to advise any of their clients to pay ransomware demands. The ICO also underlined that they would not reduce any fines just because firms had already paid a ransom.
Needless to say, double extortion can be extremely damaging to anyone’s reputation with their customers and for the legal industry as a whole.
So, how can anyone whose business depends on their professional reputation be sure they have the optimal security in place to avoid becoming another case study? Unsurprisingly, cybercriminals will almost always reach for the lowest-hanging fruit. Why target the toughest defences when there are easier places to break into? They aren’t looking for an intellectual challenge, just a way to make a quick windfall.
So, adopting good cyber hygiene is fundamental to making sure you’re on the right path to achieving cyber resilience. Certifying to the NCSC’s Cyber Essentials and Cyber Essentials PLUS will lay the foundations. And there are many more actions you can take to improve your security posture over time and within budget.
We’ve partnered with businesses of all sizes across a wide variety of industries to help them achieve their cyber security goals and regain the confidence and peace of mind to carry out their profession. As a Microsoft Solutions Partner for Security (formerly called Gold Partner) and member of the Microsoft Intelligent Security Association (MISA), we have the expertise to help you, however you like to work and whatever technology you currently use.
You can learn more about how we help organisations thrive in an increasingly hostile and unpredictable digital environment by visiting our website, or reach out to us at info@quorumcyber.com if you have any questions.