In a recent breakfast roundtable hosted by Business Reporter and sponsored by Ekco, we invited senior IT decision-makers from the legal sector to discuss the evolving cyber security landscape and share strategies to stay ahead of cyber threats.

 

Key Takeaways

  • Phishing and Credential Harvesting: Sophisticated phishing attacks from compromised third parties are a primary concern.
  • Email and Endpoint Security: Implement strict email controls and ensure every endpoint has Endpoint Detection and Response (EDR) in place.
  • Assumed Breach Mindset: Operate under the assumption that a breach will occur and conduct regular tabletop exercises.
  • Zero Trust and MFA: Adopt a Zero Trust model and enforce Multi-Factor Authentication (MFA) to protect against credential harvesting.
  • Supply Chain Management: Audit suppliers and maintain robust controls around vendor interactions.
  • Cyber Insurance: Challenges in obtaining insurance are increasing, with shrinking coverage scopes and higher costs.
  • AI and Automation: AI is seen as both a challenge and opportunity. Many legal firms are trialling AI for productivity improvements.

 

The Evolving Threat Landscape

One of the primary concerns highlighted was the sophistication of phishing and credential harvesting attacks. Attendees noted that phishing emails often come from compromised third parties, making them difficult to detect. A busy lawyer might receive an email that appears to be part of an existing thread, only to find it contains a malicious link. Similarly, finance teams face threats from fraudulent invoices sent via compromised email accounts, challenging even the most robust verification processes.

 

Response and Recovery Readiness

The roundtable emphasized the importance of operating under an assumed breach mindset. This involves having agile detection systems and conducting regular tabletop exercises to map out response processes. Zero Trust models were recommended to limit risk by allowing only trusted devices to access company resources. However, this approach also presents challenges, such as employees emailing files to personal accounts to transfer to personal devices, which increases risk.

 

Managing External Dependencies

Supply chain vulnerabilities were another critical topic. Attendees stressed that some third-party suppliers do not have a strong enough awareness of the threats impacting the legal sector, highlighting the need for regular audits of suppliers and robust controls around vendor interactions. Some firms have chosen to outsource supply chain management to specialist third parties to mitigate these risks. The value of certifications such as ISO 27001 and NIS was also discussed, with most participants agreeing that they provide proof of basic controls and leverage for board-level investment.

 

Building Organisational Resilience

A strong security culture is essential for building organisational resilience. This goes beyond mere compliance and requires a culture of risk awareness at every level. The traditional boundaries between IT and cyber security are blurring, necessitating aligned strategies across data, privacy, and security teams. Ensuring that CIOs have the budget to protect all assets was highlighted as a crucial factor.

Conclusion

The Breakfast Roundtable hosted by Ekco and Business Reporter provided valuable insights into the current cyber security challenges faced by the legal sector. You can read more insights from the event here.

By sharing experiences and strategies, attendees were able to gain a deeper understanding of how to stay ahead of hackers. Building a strong security culture, managing external dependencies, and preparing for breaches are essential steps in protecting against evolving cyber threats.
