The Australian Cyber Security Centre has released its FY 21/22 Cyber Threat Assessment Report, and the news is not good:
There has been a sharp increase in attacks on Aussie individuals and businesses – an average of one every seven minutes. And keep in mind that the data does not capture the recent high-profile Optus and Medibank events.
The report also highlights a significant increase in the average cost and losses per incident ($39,000 for small business, $88,000 for medium size) and a similar uptick in the number, speed and destructive nature of attacks.
See the full report.
Take home lessons for the legal profession
Many of our clients’ systems (both business and personal) are likely to be compromised. Don’t trust email as a final source of truth in financial transactions or as a channel for secure communication of highly sensitive material.
Between 150,000 and 200,000 routers used in Australian homes and businesses are vulnerable. The router is your post-box to the internet, and if it is compromised, any traffic moving through it might be vulnerable or infected with malware. This includes small practices with domestic-grade equipment and work devices accessing cloud accounts through a domestic router.
Ransomware techniques continue to evolve. Some methods (such as stealing all data and threatening to sell it unless a ransom is paid) are especially damaging to the trust which is the core of a law firm’s reputation.
There has been an increase in vulnerable software incidents. Because there are more software products in use and because cyber criminals are increasingly well resourced, attacks using ‘holes’ in software and cloud systems are on the rise.
There are two things a law firm needs to consider:
- keep the amount of software on your system to a minimum, and
- ensure that your firm is diligent in ‘patching’ all software and devices (running software updates and making sure security fixes are applied). This should be done at least every 30 days.
What is QLS doing to help members respond to this threat?
Queensland Law Society has an active cyber defence team which produces up-to-date practical guidance for the legal profession. This guidance is written with smaller/medium firms in mind. Access this material.
QLS maintains a $50,000 first-party loss cyber policy for all member firms (firms insured by Lexon in which all principals are full or honorary QLS members). This high-quality insurance assists member firms to respond and recover in the event of a cyber incident. See the terms and conditions, and coverage/claims information.