AUCloud Chief Executive Officer Peter Maloney can pinpoint why law firms across Australia are under threat from cyber attacks.
“They are the custodians of trade secrets,” says the cyber security expert. And a recent study of Australian law firms showed they are underprepared for cyber attacks.
The latest research, conducted by the Australasian Legal Practice Management Association and ASX-listed AUCloud, revealed 14 per cent of respondents had experienced a cyber attack attempt in the past 12 months, 84 per cent are concerned about future breaches and only 32 per cent have a cyber incident plan.
“Law firms need to be thinking about protecting their clients data, IP and trade secrets,” Peter said.
“They represent clients with contracts, intellectual property and mergers and acquisitions. That stuff is never, ever, meant to see the light of day. It is really high value.
“Now we live in a world where we’ve all been hacked. Personally identifiable information – that’s where the money is.”
And Australia and its citizens have lots of money compared to many other countries such as Brazil or South Africa, so we have a huge target on us, according to Peter.
He explained there were three reasons cyber criminals are attacking Australia. The first is the high net worth of Australians.
“The average net worth of Australian citizens is $550,000 which is on par with the US, which is the most attacked, and Australia is second. The higher the worth, the higher the access to cash.
“The only thing cyber criminals want is cash. They are not interested in the data and selling it on the black market; that is more about ransom for cash.
“They follow where the cash is. The more disposable income, the higher the probability of paying.”
The second reason is Australia’s extensive digital connections, and lawyers are connected at home and at work.
“Think of all the devices a business uses and each device is open to vulnerability,” he said.
“Open connections are easy access for cyber criminals to enter the network. It is the same as houses with multiple devices such as oven applications to outdoor security. Your internal household devices are all subject to vulnerability.
“The gold is a laptop and email systems. So the depth of digital connection in Australia is the second reason we are being targeted.”
The third reason is broader and more a government and infrastructure issue.
“Cyber crime is happening at a federal and state government level. They want to penetrate high-value assets. For example, there is one airport in Brisbane – if they take down the system, they affect 120,000 patrons. They target single points of failure.
“Cyber warfare is about high-value infrastructure assets, and if they take them down, they inflict harm to as many people as possible.
“For law firms working representing the Queensland Government on such things as commercial negotiations around roads, that stuff is valuable.
“Although the volume of cyber threats in Australia is at an all-time high, they can be mitigated if the appropriate cyber security measures and protocols are in place. The issue we see is many organisations don’t act until it’s too late.
“Protecting client data isn’t just a legal requirement, it’s the foundation of trust in the legal profession.”
More than 50 per cent of respondents in the study were not confident their firm was as secure as it could be against a cyber attack, and 19 per cent felt their company was not doing enough to protect itself.
Peter said while there was a general understanding and awareness of cyber security in Australia, “the nature of law” meant the profession here was dominated by small to medium-sized firms.
“Small to medium-sized firms put a lower price on protection, for larger firms it is a no-brainer. It is a must-have.”