Being a heavily targeted sector, LPS organizations and those in other sectors being earmarked for attacks need to ensure vigilance, resilience
In examining some recent cyber trends affecting the Legal and Professional Services (LPS) sector, an Australian multinational general insurance and reinsurance firm has released some qualitative observations.
First, the LPS sector is a frequent target of cybercriminals because these firms hold sensitive data on numerous clients and are perceived to be highly likely to pay significant ransoms.
Second, given the rate at which the sector has been affected by zero-day vulnerabilities, such as in the MOVEit attack, organizations are likely to continue being vulnerable.
Other sector observations
Third, based on the firm’s various bibliographical materials, cybercriminals have been adapting their tools and techniques to counter advances in Endpoint Detection and Response (EDR) solutions. State-sponsored threat actors are increasingly collaborating with criminal actors, adopting the same tools and techniques, and blurring the lines between state-sponsored and financially motivated activity. Also:
- Given that LPS organizations may have complex supply chains, the risks of attacks and vulnerabilities from third parties are linked to increased possibilities for data breaches or even sector-wide disruption.
- Similarly, other technological advancements such as cloud adoption, increasingly complex supply chains, and cybercriminals’ focus on supply chain vulnerabilities are creating new threats for the sector.
- AI is already enhancing the reach and success rate of social engineering tactics, deepfakes and other viral threats, allowing malicious actors to scale their activities and increase visibility. In particular, business email compromise (BEC) has been powered by AI to remain a significant threat to most organizations in the LPS sector.
According to QBE Insurance Group, the firm offering its insights and cyber research findings to the LPS sector and beyond, the ongoing and emerging cyber trends worldwide necessitate tightened oversight of preemptive, proactive and broader measures against ransomware, zero-day and latent vulnerabilities, cloud risks, supply-chain risks, and AI/BEC/deepfake threats.
In the final analysis, the firm’s risk landscape report for the LPS sector can be taken as a wake-up call to other similar sectors worldwide that have been lagging behind the cyber defense curve.