In light of numerous dramatic shifts in the geopolitical landscape in recent months, this blog has reiterated the need for organisations across all sectors to strengthen and - if necessary - reconsider their cyber security postures, in order to prepare for the anticipated attacks by global bad actors. The legal sector is no exception, particularly as these attacks are anticipated to specifically target the most high-value data.

Although the sector as a whole has traditionally been comparatively wary of the ever-increasing pace of technology, legal services are increasingly data driven, with an abundance of AI-related discussion emerging within legal technology circles. The core Document Management Systems (DMS) and Practice Management Systems (PMS) remain the centre of focus for how and where to deploy a variety of rapidly maturing SaaS platforms, or dedicated, highly customised suites.

The UK government has proposed extending its ban on ransomware payments to cover the entire public sector in an attempt to deter cybercriminal attacks and protect taxpayers.

A UK firm has been hit by a £3.07 million fine after being hit by a ransomware attack that exposed sensitive data related to almost 80,000 people, and disrupted NHS services.

Secure Access Service Edge (SASE) is rapidly establishing itself as the solution of choice for the next generation of enterprise networks, where optimal control, visibility, and scalability are essential. In the first quarter of 2024 alone, the SASE market experienced a 23% surge, as more and more organisations began taking advantage of its capabilities.

Stoli Group USA, the US subsidiary of vodka maker Stoli, has filed for bankruptcy – and a ransomware attack is at least partly to blame.

The American branch of Stoli, which imports and distributes Stoli brands in the United States, as well as the Kentucky Owl bourbon brand it purchased in 2017, was hit by a ransomware attack in August 2024.

To Test or Not to Test? - When it comes to IT disaster recovery and remediation processes, regular testing is not a 'nice to have' - it's absolutely essential!

This isn't hyperbole on my part. You just have to look at the news on any given day. We've all heard the horror stories of organisations in both the public and private sectors experiencing prolonged downtime during disasters due to inadequate preparation, lack of testing, and the unsuitability of their legacy remediation processes and systems.

The international hotel chain Omni Hotels & Resorts has confirmed that a cyberattack last month saw it shut down its systems, with hackers stealing personal information about its customers.

In the aftermath of the attack, hotel guests reported that they had been forced to check in on paper, that room keys didn't work, and all phone systems and Wi-Fi were offline.

On the 18^th March 2024, the Information Commissioner's Office issued its updated guidance around the issuing of fines when organisations have been found liable for the integrity of their customers' or end users' data being compromised. It is already well-established now that failure to ensure critical data remains secure will result in costly fines, as we have seen repeatedly in multiple high-profile cases over the years.

In October 2023, the British Library suffered "one of the worst cyber incidents in British history," as described by Ciaran Martin, ex-CEO of the National Cyber Security Centre (NCSC). 

The notorious Rhysida ransomware gang broke into one of the world's greatest research libraries, encrypting or destroying much of its data, and exfiltrating 600 GB of files, including personal information of British Library staff and users.

Any organisation that has tried to recover from a ransomware attack knows that it can be time-consuming and costly. Companies hit by an attack must choose between paying a ransom or recovering encrypted data from a backup.

Unfortunately, ransomware gangs are too aware that they can leverage significantly higher ransoms from their corporate victims if they have also compromise the company's backups. For this reason, we are seeing more and more cyber attacks targeting backups because they know that organisations desperately need them to recover if they want to avoid paying a ransom to cybercriminals.

After several years of serious global upheaval, it is clear that resilience, agility, and the ability to adapt to the unexpected are critical priorities for all organisations – regardless of size or sector. However, this accelerated pace of change has, in many cases, revealed the limitations of existing IT services. With an increasing emphasis on on-demand services and a highly fluid workforce, legacy services and their systems often struggle to support new propositions and customers' evolving needs, which will – in turn – make maintaining a competitive advantage difficult, if not near impossible.

From day-to-day consumer banking to high-profile asset and wealth management, the way we all access financial services is changing in ways that would have been inconceivable just a few years ago. Online banking is now firmly established, allowing customers to manage their money securely within a few clicks - anytime, anywhere and without the need to visit a branch. A 2022 survey revealed that the quality of the online experience was a key factor in 81% of adults' choice of bank¹.

As a long-standing technology partner for multiple financial organisations across the UK, the team at Exponential-e have been observing the sector's evolving relationship with technology for some time - both the growing demand for a higher standard of operational resilience, and an increasing awareness of the challenges and opportunities that Cloud transformation presents.