Cyberattacks on law firms and others remain a growing risk, and the attack on Allen & Overy has seen experts criticize the firm for not being more open about what occurred.
Allen & Overy’s Australian division, which includes about 25 partners and 130 fee-earning lawyers, is under scrutiny for its lack of communication regarding the cyberattack. This silence poses a significant risk to the firm’s trustworthiness among clients and the public, commentators say.
Alastair MacGibbon, the former head of the Australian Cyber Security Centre and an experienced adviser to two Australian prime ministers, criticized the firm’s approach in his statement to The Australian Financial Review.
He emphasized the detrimental impact of the firm’s silence, suggesting it is unhelpful in the current context.
The cyberattack, reportedly linked to the Russian hacking group LockBit, threatens the integrity of confidential files from the London-based firm.
LockBit plans to release the files on the dark web starting November 28. This development is particularly concerning given Allen & Overy’s clientele, which includes critical infrastructure assets like NBN Co and the Port of Melbourne in Australia.
The Australian Signals Directorate, through a spokesperson, acknowledged awareness of the cyber incident involving Allen & Overy. However, they deferred specific queries to the firm itself.
Meanwhile, the firm’s Australian arm has remained tight-lipped, offering no comments beyond a brief statement acknowledging the ongoing assessment of the data impact and the continuation of detailed cyber forensic work.
This reticence to communicate is not without consequence. MacGibbon, who currently serves as the chief strategy officer at CyberCX, speculated that the firm’s legal focus might be overshadowing the need for transparent communication.
He warned against the potential pitfalls of this approach, underscoring the importance of stakeholder communication in such situations.
The Australian Home Affairs Department has expressed its readiness to assist Allen & Overy’s Australian division if necessary.
This situation underscores a larger trend identified in the ASD’s annual cyber threat report, which notes that legal concerns often impede efforts to assist companies facing cybersecurity threats.
This incident is part of a broader pattern of cyberattacks targeting law firms, which are attractive to hackers due to the sensitive information they hold.
Notably, HWL Ebsworth, Australia’s largest law partnership, experienced a similar breach earlier this year, impacting major banks, insurers, and government agencies.
Internationally, prominent law firms like DLA Piper, K&L Gates, and Kirkland & Ellis have also been victims of cyberattacks.
According to a report by the UK’s National Cyber Security Centre, there has been an increasing rash of ransomware attacks on law firms.
Cyberattacks against law firms are steadily rising everywhere, with 73 of the UK’s top 100 law firms being targeted, according to cybersecurity consultancy CYFOR Secure.