Carelessness Is Just As Risky As Deliberate Exfiltration

Uploaded on 2017-08-29 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial, TECHNOLOGY--Hackers, TECHNOLOGY--Resilience

The so-called Panama Papers exposed 2.6 TB of information that threatened the reputations and privacy of many of the world’s richest and most powerful figures. If you thought this kind of incident would teach people to be more careful with their sensitive data, you’d be wrong. Very wrong.

You may recall that back in 2015, an anonymous source hacked an email server, exfiltrated data from Mossack Fonseca and passed it to the International Consortium of Investigative Journalists. 

The 11.5 Million documents showed the rampant use of offshore businesses by many wealthy individuals. Journalists from over 107 organisations from 80 countries analysed the documents for more than a year and covered the breach in excruciating (and often humiliating) detail. This information exposed by the Panama Papers was the handiwork of hackers.

Although cyber criminals continue to steal, sell and dump data every day, incredibly, an increasing amount of personal and corporate information is left exposed simply by accident.

Accidents All Too Common
With more of our activities moving online, the growing use of mobile devices, cloud applications and complexity of enterprise IT infrastructure, accidental data exposure is all too common. While large, sophisticated multi-nationals invest millions in cyber security, many third parties with sensitive information often do not have the teams or technology to stay ahead of fast evolving threats.

Unlike the original Panama Papers where data was hacked and exfiltrated, we detected a server that was accidentally exposing 52,000 documents including Know Your Customer applications, bank statements, wire transfers, company formation documents and scans of passports. None of this information is part of the original Panama Papers leak.

Unlike the Panama Papers which were provided to journalists, these documents could already be in the hands of criminals who could use them to blackmail, hold ransom or initiate other crimes.

Risk & Responsibility
Today’s attackers are focused, better armed and more organized. An underground economy exists to outsource attacks, reduce costs and allow more people with lower technical skills to launch more powerful attacks. In addition, with more of our data scattered across more servers, applications and companies, all it takes is one open window or one weak link.

Any device left open, using known TCP or UDP sharing ports, will be scanned by different threat actors several times a week. The number of hours that information is left exposed will magnify the amount of times data gets captured, and disseminated then used, sold and traded in the underground markets. Individuals and organisations must take more responsibility for managing this risk and preventing theft. Data breaches covered by stiffer compliance regulations and breach notification laws are not just cutting short CEO careers, they are costing companies millions.

Companies must monitor for exposure , not only the network perimeter, but also the cloud, IT shadow and third parties, across the deep and dark web , so when it does happen, they can be alerted and respond faster, before more damage is done.

Previous generations recognised Panama as the place where man overcame great obstacles to trade and transport. What will today’s and future generations learn from what happened in Panama last year? Sadly, so far, apparently not much.

Medium:

You Might Also Read:

Biggest Data Leak Ever Exposes World's Most Rich & Powerful:

Search It Yourself: Panama Papers Database Goes Public:

 

« N. Korea Targets S Korea’s Bitcoin Exchange.
US Warship Collisions Raise Cyber Attack Questions »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

SealPath

SealPath

SealPath enables companies to protect and control their documents wherever they are: In their PC, in their corporate network, on a partner’s network, in the cloud.

DeviceLock

DeviceLock

DeviceLock is a leading provider of endpoint device/port control and data leak prevention software.

Lumeta

Lumeta

Lumeta’s cyber situational awareness platform is the unmatched source for enterprise network infrastructure analytics and security monitoring for breach detection.

UpGuard

UpGuard

UpGuard's discovery engine brings visibility to complex IT environments, enabling teams to identify risk, confirm compliance and make business safer.

Venable

Venable

Venable is an American Lawyer 100 law firm with nine offices across the USA, Practice areas include Cybersecurity.

Reblaze Technologies

Reblaze Technologies

Reblaze provides the world’s best security technologies in a cloud-based website security platform.

MSG Systems

MSG Systems

MSG are committed to intelligent IT and industry solutions and offer independent consulting on all aspects of information security.

ID Quantique (IDQ)

ID Quantique (IDQ)

ID Quantique is a world leader in quantum-safe crypto solutions, designed to protect data for the long-term future.

IGX Global

IGX Global

IGX Global is a provider of information network and security integration services and products.

WizNucleus

WizNucleus

WizNucleus develops, markets and supports a software platform (Cyberwiz-Pro) that enables Critical Infrastructure enterprises to ensure the future state of their cybersecurity and remain compliant.

Touchstone Security

Touchstone Security

Touchstone Security is a company with a passion for technology, a hyper-focus on cybersecurity, and a special affinity for cloud technology.

Risk Ledger

Risk Ledger

Risk Ledger is improving the security of the global supply chain ecosystem, reducing the number of data breaches experienced through supply chain attacks by companies and consumers alike.

Titan Labs

Titan Labs

Titan Labs is a Cyber Security Consultancy that provides advice and technical expertise to government, international finance and telecommunications providers.

Systal Technology Solutions

Systal Technology Solutions

Systal is a global managed network and security service and transformation specialist. We help enterprise-level businesses maximise the security and business value of their complex IT infrastructure.

Cyber News Live (CNL)

Cyber News Live (CNL)

Cyber News Live provide vital information and raise awareness about all things 'cyber' to ensure you stay protected in the digital world.

SecureFlag

SecureFlag

SecureFlag is dedicated to enhancing secure coding across all technical profiles within the Software Development Lifecycle.