July 12 2021
Rizwan Bhatti
The significance of cyber security is undeniable, and information security risk should be treated as more than an ‘IT issue’. This article focuses on what lawyers should know about information and cyber security. According to the Cyber Precedent highlighting the Australian Privacy Principles and Cyber Security, prepared by the Law Society of NSW and published by the Law Council of Australia, cyber threats and risks continue to increase in scale and intricacy. These threats create legal, regulatory, and business risk for law firms. In Australia, the average cost of a cybercrime incident is $276,323 and the average time to resolve an attack is 25 days.
During the 2020–21 financial year, over 67,500 cybercrime reports were made via ReportCyber, an increase of nearly 13 per cent from the previous financial year. One cybercrime report is made approximately every eight minutes in Australia.
The Annual Cyber Threat Report for 2020-2021 also suggests that the top three cybercrime types reported were:
■ fraud cybercrime – approximately 23 per cent
■ shopping cybercrime – approximately 17 per cent
■ online banking cybercrime – approximately 12 per cent.
According to the ‘Annual Cyber Threat Report 2020’ published by the Australian Cyber Security Centre (ACSC), between 1 July 2019 and 30 June 2020 the most common type of cyber security incident was ‘malicious email’. Phishing and spear-phishing emails have consistently remained the most common cyber security incidents reported to the ACSC, followed by ‘compromised system’.
Cyber Security incidents, by type (1 July 2019 to 30 June 2020). Source: ACSC
In general terms, cyber security is about protecting yourself and your organisation from unauthorised activities that have the potential to compromise computers, associated infrastructure or any electronic information that is the responsibility of your organisation.
In short, cyber security is defined as the measures taken to protect your data from theft and other cybercrimes which can be triggered by Viruses, Ransomware, Phishing, Malware, Hacking, and DDoS.
A common question is “why are lawyers the targets of these cyber-attacks?” The answer is simple: law firms hold lots of sensitive data, some of it in the cloud. In addition, compared to other professions, lawyers have been slow to implement cyber security measures. According to the Law Council of Australia, some banks have even warned that law firms are a cyber security risk.
The Australian Government defined a ‘cyber-attack’ as “a deliberate act through cyberspace to manipulate, disrupt, deny, degrade or destroy computers or networks, or the information resident on them, with the effect of seriously compromising national security, stability or economic prosperity”. There are many risks associated with a cyber-attack. Typically, a cyber-attack can result in the theft of confidential corporate, personal, and financial information, which may lead to the theft of large amounts of money. Another related risk is the destruction of client data, rendered useless by irreversible encryption, and disruption to the use of computers and mobile devices.
It is important that lawyers and law firms understand and implement cyber security measures to protect their data. If a lawyer’s practice is the victim of cybercrime, the repercussions can be ruinous for both the lawyer’s clients and the law firm.
According to the ACSC, between 1 July 2019 and 30 June 2020 the largest proportion of incidents was reported by the Commonwealth Government, followed by the State/Territory Government sector. However, Legal and Professional Services sector incidents cannot be ignored, as shown in the figure below.
Cyber Security incidents, by affected sector (1 July 2019 to 30 June 2020). Source: ACSC
According to the Law Society of Australia, practitioners should be vigilant with their communications and use of technology, including computers, mobiles, and any other devices. Legal practitioners must develop and implement procedures to ensure that their cyber security is tested and up to date. There are some simple steps for lawyers and end users to mitigate the risk of a cyber-attack:
If you believe that you are the victim of an ongoing threat or a potential cyber-attack, it is recommended to immediately:
Practitioners need to educate themselves in cyber security because of the legal sector's reliance on technology. It is vital that practitioners understand how these cyber-attacks occur and how to minimise them or protect themselves (or the company) against them. Failure to take appropriate steps to adopt proper cyber security practices carries a risk of breaching your professional obligations as a legal practitioner.
Written by Rizwan Bhatti: Helpdesk Analyst at LawMaster
This article was updated 04/10/2022 to include updated data on cyber crimes in Australia.
References
Law Council of Australia, “Privacy Principles”, http://lca.lawcouncil.asn.au/lawcouncil/images/Privacy_Principles.pdf
ACSC, “Annual Cyber Threat Report 2020-21”, https://www.cyber.gov.au/sites/default/files/2021-09/ACSC%20Annual%20Cyber%20Threat%20Report%20-%202020-2021.pdf