Updated NCSC Report Highlights Key Threats for the UK Legal Sector

On June 22nd, 2023, the National Cyber Security Centre (NCSC), the UK’s cybersecurity agency, released a Cyber Threat Report for the country’s legal sector. Developed to update a previous iteration from 2018, the report reflects a dramatic change in the cybersecurity threat landscape, offering advice that considers the security issues inherent with remote working, new data revealing the UK legal sector’s vulnerability to cybercrime, and the increasing prevalence of attacks on smaller organizations. 

Many experts have hailed the NCSC’s report as the most important of the year – for good reason. Developed in partnership with the NCSC-sponsored Industry 100 scheme, the Law Society, The Bar Council, the Solicitors Regulation Authority (SRA), Action Fraud, and the National Crime Agency (NCA), the report provides comprehensive and actionable research, information, and advice to aid the UK’s legal sector in becoming more resilient to cybercrime. 

Arguably the most interesting aspect of the report is its constant reiteration of the importance of cybersecurity for all legal entities, regardless of size. This narrative echoes the messaging first presented in 2022’s National Cyber Strategy, in which the UK government calls for a “holistic, whole-of-society endeavor to improve UK resilience.” 

So, without further ado, let’s dive into the report’s key findings. 

How severe is the threat to the UK legal sector? 

Many of the report’s findings drive home how significant the threat facing the UK’s legal sector is: the SRA found that in 2020, 75% of interviewed solicitors’ firms had been a target of a cyberattack in the past. Nearly three years on, we can only speculate how much that number has grown. Similarly, the report states that almost three-quarters of the UK’s top 100 law firms have been affected by cyberattacks.

Who is targeting the UK legal sector? 

The report also outlines who might target the legal sector, listing the following entities as the most likely culprits:

• Cybercriminals: A cybercriminal is an individual or group that commits illegal activities using computers, networks, and the internet, such as hacking, phishing, or spreading malware, with the intention of financial gain or causing harm.
• Nation States: A nation-state, in the context of cybercrime, is a sovereign country or government that engages in or sponsors cyber activities, including cyberattacks, espionage, or information warfare, to achieve political, economic, or military objectives.
• Hacktivists: A hacktivist is an individual or group of hackers who use their computer skills to carry out cyber-attacks or cyber operations to promote a social or political cause, often aiming to raise awareness, protest, or advocate for specific issues or ideologies.
• Insider Threats: An insider threat refers to the risk posed to an organization’s security by individuals within the organization, such as employees, contractors, or partners, who intentionally or unintentionally misuse their access to sensitive information, systems, or resources, potentially causing harm or data breaches.

How can the UK legal sector combat the most common cyberattacks?

The NCSC’s report identifies the most common cyberattacks the UK legal sector faces and provides suggestions to combat them. They are: 

• Phishing: Phishing is a form of attack in which attackers attempt to deceive individuals into divulging sensitive information, such as login credentials, credit card numbers, or personal details, by impersonating trusted entities through deceptive emails, messages, or websites. To combat phishing attacks, the NCSC suggests the UK legal sector:
  • Make it difficult for an attacker to reach their users.
  • Help users to identify and report suspected phishing emails.
  • Protect themselves from the effects of undetected phishing emails.
  • Respond to incidents quickly.
• Business Email Compromise (BEC): BEC is a type of cybercrime where attackers use social engineering and email deception to target businesses and employees, aiming to trick them into transferring funds, revealing sensitive information, or performing actions that benefit the attackers financially or strategically. To combat BEC attacks, the NCSC suggests the UK legal sector: 
  • Use a takedown service to monitor and help remove any spoofed domains.
  • Implement SPF, DKIM, and DARC email protection for all domains.
  • Ensure staff and partners can easily report suspicious emails.
  • Verify all unusual email requests using another method, such as SMS.
  • Enforce proper password hygiene with multi-factor authentication (MFA). 
  • Regularly train staff. 
• Ransomware and other Malware: Ransomware is malicious software that encrypts a victim’s files or locks them out of their computer system. The attackers demand a ransom payment, usually in cryptocurrency, to provide the decryption key or restore access to the compromised data and systems. To combat ransomware and other malware, the NCSC suggests the UK legal sector: 
  • Regularly back up critical files. 
  • Regularly test backup procedures.
  • Create offline, offsite, or cloud backups.
  • Keep all software up to date. 
  • Carefully control all software and applications.
  • Use antivirus software.
  • Implement strict access controls, particularly for remote access. 
  • Develop an incident response plan. 
• Password Attacks: A password attack is an attempt by hackers to gain unauthorized access to an individual’s or organization’s account or system by systematically trying different combinations of passwords or using specialized tools to guess or crack the password. To combat password attacks, the NCSC suggests the UK legal sector:
  • Prevent staff from reusing passwords.
  • Ensure all staff use strong, unique passwords.
  • Ensure resetting passwords is a simple process. 
  • Enforce the principle of least privilege. 
  • Implement MFA.
  • Change all default passwords. 
• Supply Chain Attacks: A supply chain attack is a cyberattack that targets the software, hardware, or services provided by third-party vendors or suppliers. The attackers compromise the supplier’s products or processes to gain unauthorized access to the ultimate target, such as an organization’s systems or data. To combat supply chain attacks, the NCSC suggests the UK legal sector:

How can the UK legal sector report cyberattacks? 

Finally, the NCSC report states that, according to the SRA, there has recently been a decrease in reported cybersecurity incidents. While the report does note that “this may reflect improvements in the sector as a whole,” the NCSC is not confident this is the case, saying that “it is concerning that there may be a reluctance to report as this can undermine sector-wide security efforts.” 

In the event of a cyberattack, the NCSC suggests that the UK legal sector report to one of the following entities:

• Action Fraud
• Information Commissioner’s Office (ICO)
• NCSC
• Solicitor’s Regulation Authority (SRA)

The NCSC’s Cyber Threat Report for the UK’s legal sector highlights the escalating risks posed by cybercrime, particularly considering remote working and the increasing vulnerability of smaller organizations. Developed in collaboration with key stakeholders, the report emphasizes the need for a comprehensive approach to cybersecurity for all legal entities. It underscores the threat posed by various adversaries, such as cybercriminals, nation-states, hacktivists, and insider threats. The report provides crucial insights and practical advice to enhance the sector’s resilience against phishing, BEC, ransomware, password attacks, and supply chain attacks. Encouraging timely reporting of incidents, the NCSC aims to bolster sector-wide security efforts and safeguard the UK’s legal landscape from cyber threats.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire.