Cyber Security for Legal and Chambers

We are a medium sized firm of Barristers and Solicitors with a mixed practice in litigation, commercial, conveyancing and private clients, and have been established in Gibraltar for several decades. Since 2022 we have worked closely with Hedgehog Security and its founder Mr Peter Bassill to enhance our Information Security practices with our firm. Hedgehog provide SOC services and security advice on a daily basis. In general terms Hedgehog Security have provided us with what I can only describe as a first class professional service for very reasonable fees. We have no complaints and only praise for them.

talks to Stephen Catania, Managing Partner at Attias & Levy.

In late 2022, we were approached by Attias & Levy’s IT services provider to assist in responding to a data breach in a highly sensitive and high-profile case. Our Incident Response team sprang into action, conducting a thorough investigation of their systems and providing prompt and efficient support during a critical time.

Incident Response: Swift Action Saves the Day

Our team’s swift response was instrumental in minimizing the impact of the breach. By quickly containing the incident and identifying the root cause, we were able to prevent further damage and ensure that Attias & Levy’s sensitive data remained secure.

Cyber Defence Services: Ongoing Protection for a High-Profile Firm

In addition to our initial response efforts, we provided ongoing cyber defence services from our team of expert cyber defenders. This comprehensive approach ensured that Attias & Levy was well-equipped to defend against future threats and maintain the highest levels of cybersecurity.

As part of our ongoing services, we implemented a range of measures to protect the firm’s systems and data. These included:

  • 24/7 Monitoring: Our team monitored their systems and networks around the clock, detecting and responding to potential security incidents in real-time.
  • Advanced Threat Detection: We deployed advanced threat detection tools to identify and block sophisticated attacks, including zero-day exploits and targeted phishing campaigns.
  • Vulnerability Management: Our team identified and remediated vulnerabilities in the firms systems and applications, reducing the risk of exploitation by attackers.
  • Penetration Testing: Regular penetration testing exercises were conducted to simulate real-world attacks and identify areas for improvement in the firm’s security posture.

By providing ongoing cyber defence services:

  • Reduce Risk: Our proactive approach reduced the risk of future data breaches and cyber attacks, giving the firm peace of mind that its sensitive information was secure.
  • Improve Compliance: Our services ensured that they met industry standards for cybersecurity, reducing the risk of non-compliance with regulatory requirements.
  • Enhance Reputation: By demonstrating a commitment to cybersecurity, enhancing their reputation as a trusted and responsible organization.

Through our ongoing cyber defence services, we helped build a robust security posture that protected its sensitive information and maintained the trust of its clients.

Cyber Essentials Plus Certification: Industry-Recognized Standards

As part of our work, we helped the firm achieve Cyber Essentials Plus certification - a testament to their commitment to meeting industry standards for cybersecurity. This certification demonstrates that our team’s expertise in implementing robust security controls and processes has helped Attias & Levy meet the highest levels of security compliance.

Cyber Essentials Plus is a widely recognized industry standard for cybersecurity, designed to ensure that organizations have implemented robust security controls and processes to protect their sensitive information. The certification process involves a rigorous assessment of an organization’s security posture, including:

  • Network Security: A review of network security measures, including firewalls, intrusion detection systems, and access controls.
  • System Security: An evaluation of the firm’s system security practices, including patch management, vulnerability scanning, and configuration management.
  • User Authentication: A review of user authentication processes, including password policies, multi-factor authentication, and account management.
  • Data Protection: An assessment of the firm’s data protection measures, including encryption, backup and recovery procedures, and incident response planning.

By achieving Cyber Essentials Plus certification, Attias & Levy demonstrated its commitment to meeting industry standards for cybersecurity. This certification:

  • Enhanced Reputation: The certification enhanced their reputation as a trusted and responsible organization, demonstrating its commitment to protecting sensitive information.
  • Improved Compliance: The certification ensured that they met regulatory requirements and industry standards for cybersecurity, reducing the risk of non-compliance.
  • Increased Confidence: The certification gave their clients and partners increased confidence in the firm’s ability to protect their sensitive information.

Through our expertise in implementing robust security controls and processes, we helped Attias & Levy achieve Cyber Essentials Plus certification, demonstrating its commitment to meeting industry standards for cybersecurity.

Forensic Level Investigations: Uncovering the Truth

In addition to our initial response efforts and ongoing cyber defence services, we conducted forensic-level investigations to uncover the truth behind the data breach at Attias & Levy. Our team of expert investigators used advanced tools and techniques to analyze the compromised systems, networks, and devices, gathering critical evidence to reconstruct the events surrounding the breach.

Forensic Analysis: We conducted a thorough forensic analysis of the affected systems, including:

  • Memory Forensics: We analyzed system memory to identify potential malware or other malicious code.
  • Disk Forensics: We examined disk storage to recover deleted files, analyze file systems, and identify potential evidence of unauthorized access.
  • Network Forensics: We analyzed network traffic to identify suspicious activity, reconstruct communication patterns, and pinpoint the source of the breach.

Incident Reconstruction: Our investigators reconstructed the events surrounding the breach, including:

  • Timeline Analysis: We created a detailed timeline of the incident, identifying key events, timestamps, and potential indicators of compromise.
  • Actor Profiling: We analyzed the behavior of the attacker(s) to identify their motivations, tactics, techniques, and procedures (TTPs).
  • Root Cause Analysis: We identified the root cause of the breach, including any vulnerabilities, misconfigurations, or human errors that contributed to the incident.

Reporting and Recommendations: Our investigators compiled a comprehensive report detailing our findings, including:

  • Incident Summary: A summary of the breach, including the scope, impact, and potential consequences.
  • Root Cause Analysis: An analysis of the root cause of the breach, including recommendations for remediation and mitigation.
  • Recommendations: Practical recommendations for improving Attias & Levy’s security posture, reducing the risk of future breaches, and enhancing overall cybersecurity.

Through our forensic-level investigations, we helped Attias & Levy:

  • Uncover the Truth: We provided a clear understanding of the events surrounding the breach, including the root cause and potential consequences.
  • Improve Security: Our recommendations helped Attias & Levy improve its security posture, reducing the risk of future breaches and enhancing overall cybersecurity.
  • Enhance Compliance: The investigation report and recommendations ensured that Attias & Levy met regulatory requirements and industry standards for cybersecurity.

By conducting forensic-level investigations, we helped Attias & Levy uncover the truth behind the data breach, improving their security posture and enhancing their reputation as a trusted and responsible organization.

Regulatory Compliance: A Robust Defence Against Regulators

As part of our comprehensive cybersecurity services, we ensured that Attias & Levy maintained regulatory compliance with relevant laws, regulations, and industry standards. Our team of experts worked closely with the firm to implement robust controls and processes that met the requirements of various regulatory bodies.

GDPR Compliance: We helped Attias & Levy achieve General Data Protection Regulation (GDPR) compliance by:

  • Data Mapping: Conducting a thorough data mapping exercise to identify all personal data processed by the firm.
  • Privacy Impact Assessments: Performing privacy impact assessments to identify potential risks and implement mitigating controls.
  • Consent Management: Developing processes for obtaining and managing consent from individuals whose personal data is processed.

Cybersecurity Frameworks: We implemented cybersecurity frameworks that met the requirements of various regulatory bodies, including:

  • NIST Cybersecurity Framework: The National Institute of Standards and Technology (NIST) Cybersecurity Framework provides a structured approach to managing and reducing cybersecurity risk.
  • ISO 27001: The International Organization for Standardization (ISO) 27001 standard provides a framework for implementing an Information Security Management System (ISMS).

Audits and Assessments: We conducted regular audits and assessments to ensure that Attias & Levy’s controls and processes met regulatory requirements. Our team:

  • Conducted Risk Assessments: Identified potential risks and vulnerabilities, and implemented mitigating controls.
  • Performed Compliance Audits: Conducted regular compliance audits to ensure that the firm was meeting regulatory requirements.
  • Provided Recommendations: Provided recommendations for improving compliance and reducing risk.

Regulatory Liaison: We served as a liaison between Attias & Levy and regulatory bodies, ensuring that the firm was aware of changing regulations and industry standards. Our team:

  • Stayed Up-to-Date: Stayed up-to-date with the latest regulatory developments and industry trends.
  • Provided Guidance: Provided guidance to Attias & Levy on regulatory requirements and best practices.
  • Facilitated Compliance: Facilitated compliance with regulatory requirements, ensuring that the firm was meeting its obligations.

By implementing robust controls and processes, we helped Attias & Levy maintain regulatory compliance, reducing the risk of non-compliance and potential fines. Our team’s expertise in cybersecurity and regulatory compliance ensured that the firm was well-equipped to meet the demands of various regulatory bodies.


The case study of Attias & Levy serves as a powerful reminder of the importance of proactive cyber defence in today’s digital landscape. By providing swift incident response, ongoing cyber defence services, and expert forensic-level investigations, our team helped this high-profile firm navigate a difficult situation and achieve industry-recognized standards for cybersecurity.

Talk to one of our cyber security experts to see how our range of protection services can detect attacks, defend your data and disrupt hostile actions.

Find out how we can protect your data