Cyber threats for law firms in 2024

Cyber-risk will continue to be a major risk for all law firms in 2024 due to the sensitive nature of the information they hold. 

According to PwC’s 2022 law firm report, while 77% of firms experienced a cyber attack as a result of staff error, 8% of firms experienced an incident caused by a malicious insider. This and many more is evidence of how cybercrime is a clear and present danger and it could have a catastrophic impact on firms and their clients if appropriate plans are not put into place to stop it 

For firms on the lookout, here are Cyber risks that will be a major threat to law firms in 2024:

• Multi-factor faking – Attackers spoof your multi-factor authentication web pages, tricking you into entering your code and granting them access.
• QR code phishing – Rather than emailing a link, an attacker will send you a QR code to scan, so you can’t check the link before scanning.
• More sophisticated ransomware attacks – More businesses are now paying the ransoms demanded so they can continue operating as normal.
• Increased supply chain attacks – Cyber attackers inject code into a website allowing them to steal data, such as clients’ personal details and credit card details.
• Attacks on AI systems – Attackers are studying how networks are using machine learning for system defence so they can work out how to breach them
• DNS spoofing – Criminals can spoof details related to web IP addresses, misdirecting users to compromised websites where they risk having data stolen.
• Fakes and deepfakes (faked videos and audio recordings that resemble the real thing) – We have seen CEO fraud involving emails in the past but now criminals are using faked recordings of senior managers asking the accounts department to make payments into a criminal’s bank account.
• Surveillance attacks using smartphones – Tracking software is installed onto phones to monitor a user’s behaviour from their smartphone usage.