While law firms are putting their energy into deploying artificial intelligence (AI) to improve client service, a report by WithSecure, the Finnish Transport and Communications Agency (TraEcom), and the Finnish National Emergency Supply Agency (NESA), The security threat of AI-enabled cyberattacks warns that AI may be used by criminals. Target identification, social engineering, and impersonation are the most likely deployment at present, but the authors predict that autonomous execution of attack campaigns, using stealth to evade defences and harvesting information from compromised systems or open-source intelligence will feature in future.
While the SRA reported a reduction in client losses from cybercrime (at the COLP COFA conference in November 2022), the risks have not gone away, and a large US firm is reported to have been unable to use its document management system for some weeks. Check Point Research reported that global attacks increased by 28% in the third quarter of 2022 compared to the same period in 2021, and a Review of the October 2022 Renewal Season by Miller Insurance notes that there have been a number of payment di-version fraud and invoice manipulation losses; in the course of audits and other practice, we have seen examples of firms where procedures for verifying account details and ensuring clients also understand the risks are less robust than they might be, so this may be an area worthy of review.
Ransomware attacks pose a threat to businesses, including law firms, of two requests for payment, the first for the key to decrypt data on the firm’s systems, and secondly as the price not to publish a copy of client confidential material.
‹ Back to Publications