Today’s law firms are operating in an increasingly hostile digital landscape. This necessitates a robust cyber security posture to tackle cyber threats head-on. As we start the New Year, these are the prevalent cybercrime trends we believe UK law firms should prepare for in 2020 and beyond.
2019 was an interesting year in the cyber security world. The past 12 months saw the average cost of data breaches rise yet again, as common cybercrime tactics including phishing attacks and ransomware targeted victims not just through their workstations but, more than ever, through mobile devices and the Internet of Things as well. All law firms need to be proactive in their cyber security approach. This means understanding the risks they face and taking steps to ensure they remain as safe as possible from accidental or malicious data breaches.
An important aspect of maintaining a proactive cyber security approach is understanding and planning for how the threat landscape is likely to change in the future. Now that we’re moving steadily through the New Year, it makes sense to take a step back and consider the trends we expect to see in 2020. There are two major developments we see influencing the cyber security landscape in the coming year. One of these is already causing headaches for security professionals and even governments, whilst the other is (at the time of writing at least) purely theoretical. Law firms should take these into consideration if they are to give their clients absolute assurance that all their data is in the safest hands.
Web Browser DNS over HTTPS
Towards the end of 2019, Mozilla and Google implemented DNS over HTTPS (DoH) in their Firefox and Chrome browsers. DoH sends domain-name queries to DNS servers over encrypted HTTPS connections, preventing third parties (both malicious and benevolent) from seeing the websites that users visit.
Whilst providing an additional level of security and privacy to individuals, DoH could prove to be a nightmare for law firms’ IT admins in 2020. With DoH servers hard-coded into web browsers, controls such as web filters could be rendered ineffective, as browsers avoid the pre-configured DNS servers and effectively bypass enterprise policy.
Mozilla gave the UK Government assurances that DoH will not be enabled by default in UK-based Firefox browsers. However, this doesn’t mitigate the need for law firms to take steps to ensure their enterprise policies – and cyber security postures – include provisions for DoH in 2020.
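One way to check that browser policy actually covers DoH, as an added example that is not from the original article: the script below audits a Firefox policies.json document and a Chrome managed-policy document for the DNSOverHTTPS and DnsOverHttpsMode settings. It assumes the firm's policy is to keep browsers on the enterprise DNS resolver so that web filtering stays effective; the function names and sample documents are constructed for illustration.

```python
import json

def audit_firefox(policies_json):
    """Check a Firefox policies.json document for the DNSOverHTTPS policy."""
    doh = json.loads(policies_json).get("policies", {}).get("DNSOverHTTPS")
    if not isinstance(doh, dict):
        return ["firefox: DNSOverHTTPS policy not set, browser default applies"]
    findings = []
    if doh.get("Enabled") is not False:
        findings.append("firefox: DoH is not disabled by policy")
    if doh.get("Locked") is not True:
        findings.append("firefox: DoH setting is not locked, users can change it")
    return findings

def audit_chrome(managed_json):
    """Check a Chrome managed-policy document for DnsOverHttpsMode."""
    # Chrome accepts "off", "automatic" or "secure" for this policy.
    mode = json.loads(managed_json).get("DnsOverHttpsMode")
    if mode is None:
        return ["chrome: DnsOverHttpsMode not set, browser default applies"]
    if mode != "off":
        return ["chrome: DnsOverHttpsMode is %r, DoH may bypass the resolver" % mode]
    return []

# Constructed sample policy documents (not taken from any real deployment).
FIREFOX_WEAK = '{"policies": {"DNSOverHTTPS": {"Enabled": false}}}'
FIREFOX_HARDENED = '{"policies": {"DNSOverHTTPS": {"Enabled": false, "Locked": true}}}'
CHROME_WEAK = '{"DnsOverHttpsMode": "automatic"}'
CHROME_HARDENED = '{"DnsOverHttpsMode": "off"}'

if __name__ == "__main__":
    checks = [
        ("Firefox (weak)", audit_firefox(FIREFOX_WEAK)),
        ("Firefox (hardened)", audit_firefox(FIREFOX_HARDENED)),
        ("Chrome (weak)", audit_chrome(CHROME_WEAK)),
        ("Chrome (hardened)", audit_chrome(CHROME_HARDENED)),
    ]
    for name, findings in checks:
        print(name, "->", findings or "OK")
```

A firm that instead points browsers at its own DoH resolver would audit for that resolver's URL rather than for DoH being switched off.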
The second development we see playing a factor in 2020 is less immediate, but in many ways much scarier. AI-based antivirus applications are becoming increasingly popular, as software vendors seek to utilise machine learning to not only address but also anticipate zero-day attacks.
The flipside of the coin, though, is the rising spectre of AI-based malware. We’ve yet to see evidence of AI-based malware in the wild, but – given the fair assumption that someone, somewhere is working on developing intelligent malware strains that utilise AI and machine learning – we need to take the threat of cybercrime that utilises AI-based malware seriously.
With non-AI-based malware like WannaCry and NotPetya causing damage far beyond their intended target organisations back in 2017, the impact of an AI-based malware strain on a law firm and the highly confidential data it holds as it learns and mutates could be catastrophic.
IBM has developed an interesting proof-of-concept strain that researchers are learning from, but the truth is we don’t yet know what AI-based malware is truly capable of. If AI-based malware changes from theory to reality in 2020, law firms will need to ensure they have the secure people, processes and systems in place to handle the significant threat posed.
Protect Your Law Firm from Cybercrime
There’s no escaping it – UK law firms need to be highly cyber security-aware if they are to minimise the risks they face in today’s hostile digital landscape. If your law firm lacks the skills, scale or finances to assess, address and manage its cybercrime risk posture, consider partnering with an experienced cyber security provider like Six Degrees. You can leverage our investment in the cyber security skills and capabilities you need to remain safe, compliant and moving forward in the right direction. Check out our Cyber Security & Compliance services and learn how we enable law firms to enhance their cyber security postures and safeguard their operations.