Do The #PanamaPapers Make All Law Firms A Target?

The massive haul of data from the Mossack Fonseca Panama Papers breach includes over 2.6 terabytes of data, the largest known breach in hacking history.

Information is coming to light on how a global collection of journalists and technologists managed and extracted knowledge from this collection of data, including information on the tools the journalists used to exploit and manage the data.

Additionally, it is pretty clear that Mossack Fonseca did not exercise good security practices.  Their emails were not encrypted, its websites had many vulnerabilities, which could have contributed to exploitation, and, perhaps more importantly, Mossack Fonseca did not have a means to detect the movement of all this data out of their enterprise. But still, the actual method of attack and data extraction is not yet known, and we might never know.

But still there is information we can assess relevant to the threat to organizations, especially law firms. At this point we believe it is prudent for all law firms to ask themselves a few questions:

Will hacking groups think all global law firms are as bad as Mossack Fonseca and therefore target them in new, more persistent ways?

  • Are your defenses optimized?
  • Do you have an insider threat program?
  • Are incident response plans tested?
  • Are strategic communications plans in place?
  • What can be put in place to provide warning of attack?
  • Is it time for an external verification of security?

We will continue to track this situation and report on any insights relevant to the threat.

TheBrief: http://bit.ly/20T6ZJh

« DARPA Has Invented The Ultimate Cyber Security
The First Ghost Ship In The US Robotic Navy »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Blueliv

Blueliv

Blueliv is a leading provider of targeted cyber threat information and intelligence. We deliver automated and actionable threat intelligence to protect the enterprise and manage your digital risk.

Verisec International

Verisec International

Verisec International AB is a Swedish Tech company focused since inception in enabling Trust in Digital Transactions, through the development of proprietary cutting-edge technologies and services.

F-Response

F-Response

F-Response is a software utility that enables an investigator to conduct live Forensics, Data Recovery, and eDiscovery over an IP network using their tools of choice.

ISTQB

ISTQB

ISTQB has defined the "ISTQB Certified Tester" scheme that has become the world-wide leader in the certification of competences in software testing.

TechInsurance

TechInsurance

TechInsurance is America's top technology insurance company offering a range of technology related products including Cyber Liability insurance.

REVI-IT

REVI-IT

REVI-IT is a Danish state-owned audit firm focusing on enterprise IT business processes and compliance,

Skurio

Skurio

Skurio create cost-effective, intuitive and powerful Cloud based solutions to identify threats, detect data breaches outside the network and automate the response.

CyberTech Network

CyberTech Network

CyberTECH is a global cybersecurity, Internet of Things (IoT) and Smart City network ecosystem and incubator operator.

AlertSec

AlertSec

AlertSec Ensure is a U.S. patented technology that allows you to educate, verify and enforce encryption compliance of third-party devices.

Mindsight

Mindsight

Mindsight is a technology consulting firm with expertise from cybersecurity to cloud, disaster recovery to infrastructure, and collaboration to contact center.

Security & Intelligence Division (SID) - Singapore

Security & Intelligence Division (SID) - Singapore

Security & Intelligence Division (SID) protects Singapore from external threats and safeguards its interests in areas related to terrorism, cyber security, other transnational threats, and geopolitics

Spyderbat

Spyderbat

Spyderbat ATI closes the manual investigation gap between detection and response by instantly presenting causally connected threat activity to security analysts at the onset of an investigation.

CentriVault

CentriVault

CentriVault is a leading independent provider of Cyber Security and Data protection services to small and medium enterprises (SMEs).

Thoropass

Thoropass

Thoropass (formerly Laika) helps you get and stay compliant with smart software and expert services.

Codenotary

Codenotary

Codenotary provide a comprehensive suite of verification and enforcement services to guarantee the integrity of your software throughout its entire lifecycle.

Cipher Net Shield

Cipher Net Shield

Cipher Net Shield specializes in secure E-wallet solutions with a strong focus on blockchain and cybersecurity, prioritizing both transaction security and the recovery of lost capital.