Do The #PanamaPapers Make All Law Firms A Target?

Uploaded on 2016-04-20 in NEWS-News Analysis, FREE TO VIEW, BUSINESS-Services-Law

The massive haul of data from the Mossack Fonseca Panama Papers breach includes over 2.6 terabytes of data, the largest known breach in hacking history.

Information is coming to light on how a global collection of journalists and technologists managed and extracted knowledge from this collection of data, including information on the tools the journalists used to exploit and manage the data.

Additionally, it is pretty clear that Mossack Fonseca did not exercise good security practices.  Their emails were not encrypted, its websites had many vulnerabilities, which could have contributed to exploitation, and, perhaps more importantly, Mossack Fonseca did not have a means to detect the movement of all this data out of their enterprise. But still, the actual method of attack and data extraction is not yet known, and we might never know.

But still there is information we can assess relevant to the threat to organizations, especially law firms. At this point we believe it is prudent for all law firms to ask themselves a few questions:

Will hacking groups think all global law firms are as bad as Mossack Fonseca and therefore target them in new, more persistent ways?

  • Are your defenses optimized?
  • Do you have an insider threat program?
  • Are incident response plans tested?
  • Are strategic communications plans in place?
  • What can be put in place to provide warning of attack?
  • Is it time for an external verification of security?

We will continue to track this situation and report on any insights relevant to the threat.

TheBrief: http://bit.ly/20T6ZJh

« DARPA Has Invented The Ultimate Cyber Security
The First Ghost Ship In The US Robotic Navy »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Celestix Networks

Celestix Networks

Celestix is a global provider of secure network solutions that enable the simple deployment of secure remote access connectivity.

Puppet

Puppet

Puppet is a leader in IT automation. Our software helps DevOps securely automate configuration and management of machines and the software running on them.

National Cyber-Forensics & Training Alliance (NCFTA)

National Cyber-Forensics & Training Alliance (NCFTA)

NCFTA is a non-profit corporation focused on identifying, mitigating, and neutralizing cyber crime threats globally.

QuintessenceLabs

QuintessenceLabs

QuintessenceLabs offers a suite of Data Security technology, products and solutions to secure digital information in-transit, at-rest or in-use.

Cisco Talos

Cisco Talos

Talos is an industry-leading threat intelligence solution that protects your organization’s people, data and infrastructure from active adversaries.

AntemetA

AntemetA

AntemetA specializes in network infrastructure, security and cloud computing, helping companies transform their Information Systems.

th4ts3cur1ty.company

th4ts3cur1ty.company

th4ts3cur1ty.company specialize in delivering intelligence lead adversary emulation purple teaming & the bespoke building of Security Operation Centers.

Cyber Security Jobs

Cyber Security Jobs

Cyber Security Jobs was formed to help job seekers find jobs and recruiters fill cyber security job vacancies.

Human Security

Human Security

Human (formerly White Ops) Bot Mitigation Platform enables complete protection from sophisticated bot attacks across advertising, marketing and cybersecurity.

GoSecure

GoSecure

GoSecure Managed Detection and Response helps all organizations reduce dwell time by preventing breaches before they happen.

Sylint

Sylint

Sylint is an internationally recognized cyber security and digital data forensics firm with extensive experience discretely addressing some of today’s biggest cyber breaches.

Integrity

Integrity

Integrity is a PCI QSA and ISO 27001 certified company specialized in Information Security and IT Consulting.

UK Cyber Security Council (UKCSC)

UK Cyber Security Council (UKCSC)

The role of The UK Cyber Security Council is to champion the cybersecurity profession across the UK, provide representation for the industry, accelerate awareness and promote excellence.

Mosaic Insurance

Mosaic Insurance

Mosaic is a next-generation global specialty insurer distinguished by an exceptional team, agile technology, and a structure that combines Lloyd’s of London strength with a global distribution network

ITSEC Asia

ITSEC Asia

ITSEC Asia works to effectively reduce exposure to information security threats and improve the effectiveness of its clients' information security management systems.

Collabera Digital

Collabera Digital

Collabera Digital engineer the next generation of solutions that power tech-forward organizations and create an impact on people and communities.