Most law firms exposed to threats from cybercriminals
Almost all of the UK’s top 200 law firms have been exposed to threats from cybercriminals, new research shows.
A report from Crowe, an audit, tax, advisory and risk firm, in conjunction with KYND, a cyber risk prevention company, shows that 91 per cent of firms analysed are exposed to having their website addresses spoofed and used to send spam, phishing or otherwise fraudulent emails – either internally or externally.
In addition, 80.5 per cent of firms were running at least one service, such as an email server or webserver, with a well-known vulnerability that could be exploited by hackers – putting them at high risk of attack from cybercriminals who specifically target services with known vulnerabilities.
Twenty-one per cent of firms had at least one service that was using software which was out of date and no longer supported by the developer, putting them at higher risk of attack and service failure.
Furthermore, 23 per cent of firms had at least one security certificate which had expired, been revoked or distrusted. This means
clients, prospects or applications would not be able to securely connect to websites using such a certificate.
Finally, 79 per cent of firms had at least one domain registered to a personal or individual email address, representing a significant threat to business continuity and domain ownership.