The firm said that the incident "has been confined to a very small part of its data store". The legal and professional services group said it is “currently managing a cyber security incident” after discovering an intrusion into its system. The firm said in a statement on the London Stock Exchange that the intrusion was “quickly identified” by its IT team which acted immediately to secure its systems.
The firm said that the incident "has been confined to a very small part of its data store".
The legal and professional services group said it is “currently managing a cyber security incident” after discovering an intrusion into its system.
The firm said in a statement on the London Stock Exchange that the intrusion was “quickly identified” by its IT team which acted immediately to secure its systems.
The statement also said: “the Company is confident that its security controls were effective in limiting the impact of the incident, supported by a professional cyber security support team mobilised as part of its cyber security insurance facility.”.
On the impact of the attack the firm said: “The impacted data was traced quickly and deleted from the location to which it had been downloaded and there is no evidence currently to suggest that this data has been further disseminated. The impacted data did include some client data and, when the Company's investigations are further progressed, those clients that have been affected will be notified. The Company has already notified the relevant regulators and law enforcement agencies, as well as the Information Commissioner's Office.”
The firms CEO said: “IT security is of paramount importance to us, and we had carefully planned for the occurrence of risk that a cyber breach could have on the business. Incidents of this nature are, sadly, prevalent. I am grateful that the prompt actions of our IT team have limited the impact of this incident and enabled us to resume our business operations swiftly.
“We are continuing to work with specialist cyber security professionals to investigate the incident and identify any parties that may have been affected and we will, of course, contact anyone affected in due course. In the meantime, we are restoring all of our systems in a safe and secure manner as quickly as possible and do not expect at this stage any significant disruption to our day-to-day activities or financial performance.”
Lawyer Checker recently hosted a panel session on cyber-attack crisis management featuring a number of industry experts. One of the experts David Fazackerly In-house CIO at CTS spoke candidly about his experience of working in a law firm and the hands-on experience of a cyber-attack.
Commenting on the news Tom Lyes Director of Engagement at Lawyer Checker said: “Having assessed over 150 law firms in our role as a Cyber Essentials assessment centre aimed at the legal sector, we are seeing a shift with cyber now being taken more seriously. But there is still a lot of work and education to be done. An interesting part of the CEO’s quote was that they had practiced and planned for an incident and that may be a key reason as to how the attack was limited. A key resource to be used here is the National Cyber Security Centre’s Exercise in a Box table top exercise.
Law firms are unfortunately enticing prospects to cyber criminals, due to the high value transactions involved. A robust disaster recovery and business continuity plan are therefore imperative to safeguard against a cyber-attack. Lawyer Checker specialise in risk mitigation for the legal sector and sadly we know it is a case of when not if an attack may strike.
However, by planning with robust, tested strategies law firms can demonstrate their commitment to defence against ever evolving cyber threats and be better placed to defend themselves.
If you’d like to learn more about how Cyber Essentials Plus which is recommended by the Solicitors Regulation Authority can support your efforts with this, please contact Mark Siwiec on mark.siwiec@practicalvision.co.uk or 03300529150
