Do The #PanamaPapers Make All Law Firms A Target?

The massive haul of data from the Mossack Fonseca Panama Papers breach includes over 2.6 terabytes of data, the largest known breach in hacking history.

Information is coming to light on how a global collection of journalists and technologists managed and extracted knowledge from this collection of data, including information on the tools the journalists used to exploit and manage the data.

Additionally, it is pretty clear that Mossack Fonseca did not exercise good security practices.  Their emails were not encrypted, its websites had many vulnerabilities, which could have contributed to exploitation, and, perhaps more importantly, Mossack Fonseca did not have a means to detect the movement of all this data out of their enterprise. But still, the actual method of attack and data extraction is not yet known, and we might never know.

But still there is information we can assess relevant to the threat to organizations, especially law firms. At this point we believe it is prudent for all law firms to ask themselves a few questions:

Will hacking groups think all global law firms are as bad as Mossack Fonseca and therefore target them in new, more persistent ways?

  • Are your defenses optimized?
  • Do you have an insider threat program?
  • Are incident response plans tested?
  • Are strategic communications plans in place?
  • What can be put in place to provide warning of attack?
  • Is it time for an external verification of security?

We will continue to track this situation and report on any insights relevant to the threat.

TheBrief: http://bit.ly/20T6ZJh

« DARPA Has Invented The Ultimate Cyber Security
The First Ghost Ship In The US Robotic Navy »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Synovum

Synovum

Synovum was formed with the intention to provide high quality advice, consultancy, training and project management services to clients in all sectors of industry.

Wizard Computing

Wizard Computing

Wizard Computer Services is a full service IT solutions provider that offers managed services, consultation, installation, and support to small and large businesses in New England.

Q-CERT

Q-CERT

Q-CERT is the National Computer Security Emergency Team of Qatar.

VNCERT

VNCERT

VNCERT is the national Computer Emergency Response Team for Vietnam.

Cysec - TU Darmstadt

Cysec - TU Darmstadt

CYSEC is the Cybersecurity faculty of the Technical University of Darmstadt and performs internationally renowned research in numerous areas of cybersecurity.

SecureMetric Technology

SecureMetric Technology

SecureMetric is one of SE Asia’s leading players in the field of digital security with a focus on Software Licensing Protection, 2-Factor Authentication, Advanced Identity and Access Management, Publi

ubirch

ubirch

The ubirch platform is designed to ensure that IoT data is trustworthy and secure.

Absolute IT Asset Disposals

Absolute IT Asset Disposals

Absolute IT Asset Disposals is an IT asset disposal (ITAD) company providing safe and secure recycling of IT assets.

Informatics International

Informatics International

Informatics is a leading ICT provider in Sri Lanka, providing cutting-edge software & infrastructure solutions and services including cyber security.

FortifyIQ

FortifyIQ

FortifyIQ's mission is to advance maximum security against side-channel attacks across the entire computing spectrum.

Eureka Security

Eureka Security

Eureka help organizations securely use any cloud data storage technology they need without having to compromise on security.

Pessimistic Security

Pessimistic Security

The team behind Pessimistic helps blockchain startups meet modern security challenges since 2017.

Protecto

Protecto

Make privacy and governance effortless. Brakes allow you to drive faster. Stronger data privacy and security enable companies to unlock the full potential of the data.

ANSSI Burkina Faso

ANSSI Burkina Faso

ANSSI is responsible for managing the security of information systems and cyberspace in Burkina Faso.

VeriBOM

VeriBOM

VeriBOM is a SaaS security and compliance platform that helps protect you and your customers through automation, documentation, and transparency for every software application you build or run.

ITButler e-Services

ITButler e-Services

At IT Butler, our mission is crystal clear: we are dedicated to providing top-tier cybersecurity solutions and best-practice methodologies to secure and enhance your digital infrastructure’s resilienc