Application modernization is key for the cyber security of the legal industry, according to a new report by the NCSC. Let's explore why law firms are facing increased risk from cyber attack and what this means for enterprise as a whole.
The UK's NCSC has issued a report calling for legal firms to undergo application modernization to defend against cyber security threats. The advice, however, applies just as much to organizations in other industries and countries.
Following the COVID-19 outbreak, firms had to switch to remote working and cloud computing almost overnight. The technical debt from that rapid pivot has left cyber security gaps that criminals are now looking to exploit.
To protect your organization from these threats, you need to build a function to continuously adopt best-of-breed technology and plug cyber security leaks. To do that, you need LeanIX EAM to offer complete clarity on your application portfolio.
To find out more about how the LeanIX EAM supports application modernization, read Gartner's report on choosing the right approach:
GARTNER® REPORT: How to Choose the Right Approach for Application Modernization and Cloud Migration
In the meantime, let's look more closely at the NCSC warning and what it means.
UK NCSC Warning For Legal Firms
The National Cyber Security Centre (NCSC), part of the UK's Government Communications Headquarters (GCHQ), has issued a report aimed at highlighting the cyber threat to legal firms using outdated software applications. The report warns against the risks of cyber crime, from ransomware attacks to intellectual property theft.
As the CEO of the NCSC explained:
“The sensitive data legal firms handle can make them attractive targets to online attackers... I urge all legal practices to follow the guidance in this report.”
Lindy Cameron, CEO, NCSC
The President of the UK Law Society continued:
“It is vitally important that solicitors and law firms, whether large or small, are aware of the cyber threats they face and take steps to safeguard their systems.”
Lubna Shuja, President, The Law Society
The report highlights concerns that hybrid working creates challenges in securing workplace technology. Since legal firms are such a prime target for cyber criminals, dealing with large amounts of cash and private information, it's vital that these companies have best-of-breed security.
The Cyber Risks Of Remote Working
The National Cyber Security Centre's (NCSC) report describes an increased risk of cyber attack that has arisen since the start of the COVID-19 crisis. This is largely due to the technical debt created when firms had to make changes to their working model almost overnight as lockdown began.
With most viable industries switching to a work-from-home model, many additional threat points have been added to enterprise networks. Rather than keeping their data securely on-premise, firms must now allow employees access points to cloud data in order to make work-from-home feasible.
The NCSC is concerned that these additional access points will act as easy targets for cyber criminals. However, this is only such a concern because remote access is being run on outdated applications.
Since firms were given no time to plan before they needed to move to remote working, they had to either purchase whatever remote working systems they could get or rely on legacy technology. Much of this is not fit for purpose and poses a cyber security risk.
However, state-of-the-art cloud-based solutions may actually be more secure than legacy on-premise technology, as well as allowing organizations to access crucial talent from around the world. This is why the NCSC is warning companies to upgrade their cloud technology. But why legal firms in particular?
Why Legal Firms?
The National Cyber Security Centre's (NCSC) cyber security warning is targeted at legal firms as they are at particularly high risk. This is due to a perfect storm of circumstances:
- Legal firms deal with large sums of money and privileged data
- Legal firms keep notes on private court proceedings
- The legal industry is a traditionalist market that had been slow to adopt cloud technology
- The pandemic forced the legal industry to rapidly adapt to remote work and Zoom courtrooms
- To meet this challenge, legal firms needed to quickly adopt remote technology or make use of their existing legacy systems
The vulnerabilities in outdated software have led to a number of high-profile cyber attacks that have had a dramatic impact on the legal firms affected. The NCSC report highlights two particular cases:
Simplify Group Lose GBP 6.8 Million
In November 2021, conveyancing giant Simplify Group experienced a systems outage due to a security incident. Cyber criminals were able to access internal data, including personal information.
Insurance documentation shows the firm lost GBP 6.8 million in the attack. In addition, Simplify had to initiate a new funding round to deal with the loss, as well as the resulting impact on reputation and revenue.
Tuckers Court Data Leaked On Dark Web
Meanwhile, criminal defense firm Tuckers Solicitors LLP experienced a cyber attack in August 2020. The attack led to 60 data packets, including court files, being taken and published on unlisted internet sites.
As a result, the firm was fined GBP 98,000 by the UK Information Commissioner's Office (ICO). While the ICO stressed that the attack was the responsibility of the cyber criminals alone, and that Tuckers had co-operated fully, they also confirmed that Tuckers had not taken an appropriate amount of care to protect against attacks.
What Firms Can Do To Avoid Cyber Attack
As explained above, the National Cyber Security Centre's (NCSC) report highlights the increased cyber security risk to legal firms following the rapid changes the market experienced during the pandemic. However, that risk is only due to the legacy technology that the legal industry still commonly uses.
Yet, this isn't just a concern for the legal industry. Given the impacts of the pandemic on working processes, and the challenges of reducing technical debt, most organizations are facing gaps in their cyber security protections due to legacy systems.
Undertaking an application modernization initiative could serve to update these legacy applications to ensure the highest standard of cyber security is maintained. This isn't just about an expensive and complete digital transformation, however.
70% of digital transformations fail, largely because firms often attempt one big-bang transformation and then don't repeat the initiative regularly thereafter. The key is to continually assess your application portfolio and specifically target your modernization efforts on the highest-value activities.
Your email service provider may be a little old-fashioned, but pose no cyber security risk. On the other hand, a cloud transformation of your enterprise resource planning (ERP) system might offer huge cyber protection gains and enhance productivity, as well.
The key to successful application modernization is gaining clarity on the effort and value of each modernization opportunity, so that you can create a prioritization list and a roadmap for continuous business transformation. Gaining that clarity requires a digital platform designed to offer it.
How LeanIX Can Help
LeanIX EAM is a single source of truth for all your enterprise architecture information. It allows you to identify and document detailed information on each of your applications using advanced survey tools.
Using the system, you can build a complete picture of your application portfolio and IT landscape that can be viewed by everyone in your organization. This means you can get all your stakeholders on the same page.
You can then use the platform to model your ideal application state and develop a roadmap to continuously progress towards it, even as it develops. This enables you to manage continuous business transformation now, and into the future.