CYBER ATTACKS
IT’S TIME TO GET OUR HEADS OUT OF THE SAND AND INTO THE CLOUD ALEXANDRA DOUVARTZIDIS, ASSOCIATE AT HWL EBSWORTH LAWYERS AND MEMBER LEGAL TECHNOLOGY COMMITTEE, AND ALEXANDRA HARRIS, SENIOR ASSOCIATE AT TINDALL GASK BENTLEY LAWYERS AND MEMBER, LEGAL TECHNOLOGY COMMITTEE
D
ata breaches and cyber-attacks are occurring on a more frequent basis in Australia. Recently, the South Australian Government was the victim of a ransomware cyber-attack in November, 2021. The government first disclosed the extent of the data breach in November, when it said at least 38,000 employees had their records stolen and, in some cases, published on the dark web. It was later revealed that the breach impacted almost 80,000 employees.1 The South Australian Government is not the only victim of large cyberattacks. From other State Governments attacks amassing hundreds of thousands, to CANVA’s breach in 2019 impacting approximately 139 million of its users,2 cyber-attacks are almost a part of everyday life. Even though the Australian Government is revising its cybersecurity frameworks and policies, businesses, including law firms, cannot exclusively rely on the government for protections against cyber-attacks.3 It has become increasingly essential for lawyers and law firms to understand, embrace and implement emerging legal technologies in their individual practice and overarching firm policies, not only to improve efficiencies and work flow generally, but also to protect clients’ and their own sensitive information.
6 THE BULLETIN April 2022
It is somewhat obvious that law firms will competitively benefit from keeping up to date with technology and integrating it into their everyday practice. Every day we are seeing an increasing number of firms and courts around Australia move away from traditional paper storage to cloudbased storage and document management systems. What isn’t as obvious is the concept that being a ‘tech savvy’ lawyer, or at the very least keeping up to date with the latest technological advancements potentially falls under the overarching ethical obligations that lawyers must abide by. This article considers a common type of cyber-attack in detail, the risks and consequences for practitioners, and how practitioners can avoid cyber-attacks. We also consider what steps practitioners should take if an attack occurs, and what are the general benefits of increasing your overall knowledge of technology in everyday practice.
WHAT IS A “CYBER-ATTACK” AND WHAT ARE THE COMMON TYPES? A cyber-attack is when cybercriminals through the use of a computer launches an attack to disable systems, steal and/ or destroy data and information, or use a breached computer system to launch
additional attacks. Cybercriminals use different methods to launch a cyberattack that includes malware, phishing, ransomware, or other methods.4 Criminally motivated persons generally launch cyber-attacks in order to seek financial gain through the theft of actual monies and/or data information that they can hold ‘ransom’ and seek payment for the return or destruction of the information held. Occasionally, an attack is launched for the purposes of merely disrupting a company’s system,5 or for a multitude of other reasons. From ransomware to malware, the types of cyber-attacks individuals and companies face today are endless. For the purposes of this article, we focus on the key cyber-attack method of ‘phishing’ commonly faced by practitioners. Phishing is where cybercriminals send fraudulent messages in an attempt to steal confidential information, such as banking logins, credit card details, business login credentials or passwords/passphrases.6 Phishing, unlike hacking, relies on a person voluntarily providing information.7 ‘Spear phishing’ for example, is when messages sent to target specific individuals and/or organisations.8 It is not uncommon for more sophisticated messages to contain material that is true (or appears likely to be true) to make them seem more genuine.9
