Carelessness Is Just As Risky As Deliberate Exfiltration

The so-called Panama Papers exposed 2.6 TB of information that threatened the reputations and privacy of many of the world’s richest and most powerful figures. If you thought this kind of incident would teach people to be more careful with their sensitive data, you’d be wrong. Very wrong.

You may recall that back in 2015, an anonymous source hacked an email server, exfiltrated data from Mossack Fonseca and passed it to the International Consortium of Investigative Journalists. 

The 11.5 million documents showed the rampant use of offshore businesses by many wealthy individuals. Journalists from over 107 organisations from 80 countries analysed the documents for more than a year and covered the breach in excruciating (and often humiliating) detail. The information exposed by the Panama Papers was the handiwork of hackers.

Although cyber criminals continue to steal, sell and dump data every day, incredibly, an increasing amount of personal and corporate information is left exposed simply by accident.

Accidents All Too Common
With more of our activities moving online, the growing use of mobile devices and cloud applications, and the increasing complexity of enterprise IT infrastructure, accidental data exposure is all too common. While large, sophisticated multi-nationals invest millions in cyber security, many third parties holding sensitive information do not have the teams or technology to stay ahead of fast-evolving threats.

Unlike the original Panama Papers, where data was hacked and exfiltrated, we detected a server that was accidentally exposing 52,000 documents, including Know Your Customer applications, bank statements, wire transfers, company formation documents and scans of passports. None of this information is part of the original Panama Papers leak.

Unlike the Panama Papers, which were provided to journalists, these documents could already be in the hands of criminals who could use them for blackmail, ransom or other crimes.

Risk & Responsibility
Today’s attackers are focused, better armed and more organized. An underground economy exists to outsource attacks, reduce costs and allow more people with lower technical skills to launch more powerful attacks. In addition, with more of our data scattered across more servers, applications and companies, all it takes is one open window or one weak link.

Any device left open, using known TCP or UDP sharing ports, will be scanned by different threat actors several times a week. The number of hours that information is left exposed multiplies the number of times the data gets captured and disseminated, then used, sold and traded in the underground markets. Individuals and organisations must take more responsibility for managing this risk and preventing theft. Data breaches covered by stiffer compliance regulations and breach notification laws are not just cutting short CEO careers, they are costing companies millions.

Companies must monitor for exposure, not only at the network perimeter but also in the cloud, in shadow IT and at third parties, and across the deep and dark web, so that when exposure does happen they can be alerted and respond faster, before more damage is done.

Previous generations recognised Panama as the place where man overcame great obstacles to trade and transport. What will today’s and future generations learn from what happened in Panama last year? Sadly, so far, apparently not much.

Medium:
