Trustwave report highlights severe cybersecurity threats to pro firms
Trustwave, a cybersecurity and managed security services provider, has released a report entitled "2024 Professional Services Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies." The report investigates the rise of ransomware, third-party supplier exposure, and technology-based attacks targeting professional services firms.
The professional services sector, which includes consulting, accounting, legal, and other business services, has been identified as a prime target for threat actors due to the sensitive nature of the data these firms possess. This data, including intellectual property, legal documents, and client personally identifiable information (PII), is highly valuable and can be sold on the Dark Web or used to launch further attacks.
Kory Daniels, Chief Information and Security Officer at Trustwave, stated, "Across today's B2B and B2C vendor supply chains, a cybersecurity breach for professional services firms isn't just an inconvenience, it can be catastrophic.
"The financial losses from recovery, legal fees, and potential fines are just the tip of the iceberg. The severe reputational damage can erode years of client trust and stall future business. Operational disruptions, employee stress, and increased regulatory scrutiny further compound these challenges. This is why robust cybersecurity is no longer optional, it's a critical priority for these information-rich firms."
The recent research by Trustwave SpiderLabs reveals the attack methodologies employed by threat groups, highlighting their tactics, techniques, and procedures. Professional services firms face a unique cybersecurity challenge due to complex vendor ecosystems, regulatory burdens, and the high value of their data.
The report analyses the threat groups and their methods throughout the attack cycle, from the initial foothold to data exfiltration. By examining the cybersecurity challenges across different professional service fields, including legal services, consulting, and accounting, the report underscores the sector's vulnerabilities.
According to the findings, law firms are the most vulnerable within the professional services sector, accounting for 46 per cent of ransomware incidents. Phishing remains a significant threat, responsible for 93 per cent of the initial access gained by attackers. A deeper dive into the report shows that 20 per cent of ransomware attacks in the professional services industry were perpetrated by the ALPHV group, while LockBit 3.0 and 8Base were behind 19 per cent and 18 per cent of attacks, respectively.
The report emphasises that professional services firms urgently need to adopt robust cybersecurity measures. Given the high incidence rate of attacks, firms must prioritise their cybersecurity strategies to protect sensitive data and maintain operational integrity amidst the evolving threat landscape.