The Panama Papers have hogged security headlines over the past week, so it is only fair to focus this week’s security roundup on what the industry is saying about the stolen data.
SIFTING THROUGH THE DATA CREATES A CULTURE THAT SAYS IT’S OK TO VIOLATE SECURITY
First up, Sophos’ senior technologist Paul Ducklin commented: “It’s ironic that the sort of person who wouldn’t dream of looting a supermarket after balaclava-clad rioters had smashed in the windows often has no qualms about digging into stolen data after it’s been leaked by someone else.
“That’s a pity, because it helps create a culture that says it’s OK to violate security and privacy ‘as long as you can come up with a good reason for it,’ with no thought for unintended consequences such as making it easier for real crooks to get at stuff they shouldn’t.”
Ducklin has also outlined exactly what the Panama Papers are: “The word Panama comes from the location of the legal firm that was breached, Mossack Fonseca, headquartered in Panama City; and Papers is a metaphor.
“With an estimated 2.6TB of stolen data in the breach, this was not a traditional break-and-enter, and the hacker or hackers behind it didn’t run off with filing cabinets of printed material.
“If you assume a generous allowance of 1MB of data per printed A4 page, 2.6TB comes out at 2,600,000 pages.”
‘PANAMA PAPERS’ IS A CAUTIONARY TALE FOR UK LEGAL FIRMS
Charles White, CEO of IRM, has also offered his comments on the leak and on what security lessons firms should take away from the news: “The leak could be the work of an external hacker, and one would hope with information of this magnitude a very competent hacker potentially at nation state level. Legal companies like this hold a lot of rich, exciting information that can be very useful at a nation state level, especially when current and former world leaders are involved. The huge amount of data makes it likely the entire database was stripped out, which also points to an external attack.
“The leak should be taken as a cautionary tale for legal firms in the UK – they need to understand that they are seen as a rich source of salacious data and are very much at risk of the same thing happening to them. Data security should be the chief concern of any business holding personal and financial data, especially when it’s as sensational as this.
“How and why it ended up with the press is unknown for now, but the motivation seems to be a Wikileaks or Snowden-style leak to initiate debate and deal with the perceived issues of secretive offshore accounts and hedge fund culture.”
THIS BREACH REPRESENTS A NEW SECURITY THREAT-SCAPE
Mark Sangster, VP of Marketing at eSentire, believes the Panama Papers breach represents a new security threat-scape: “Insider threat is a growing concern. We’re seeing many cases of insider data breaches that involve leaking sensitive data for front running trades or more malicious intent. In this case, seemingly one individual got his or her hands on a massive collection of files spanning four decades.
“If this holds true, this extreme case of an apparent insider threat will result in catastrophic consequences for Mossack Fonseca. As with last week’s multi-law firm breach case, the elephant in the room is the target on law firms’ backs. Until now, the legal industry has generally operated within a loose set of cyber security guidelines. However quickly, we expect to see hardline compliance rules and fines come to firms with sub-standard cyber security defenses in the future.”
IN OTHER NEWS
- 1 in 10 Britons have hacked into another person’s social media or email account for what they deem to be honest reasons, while 22 per cent admit trying to hack a partner’s social media or email for dishonest reasons, according to Online Spy Shop.
- Millions of consumers are concerned about using contactless cards in the wake of rising levels of fraud, according to a study by Defender Note.
- An investigation conducted in early 2016 by cyber security company F-Secure discovered thousands of severe weaknesses in corporate networks that attackers can use to infiltrate companies.