Do The #PanamaPapers Make All Law Firms A Target?
The massive haul of data from the Mossack Fonseca Panama Papers breach includes over 2.6 terabytes of data, the largest known breach in hacking history.
Information is coming to light on how a global collection of journalists and technologists managed and extracted knowledge from this collection of data, including information on the tools the journalists used to exploit and manage the data.
Additionally, it is pretty clear that Mossack Fonseca did not exercise good security practices. Their emails were not encrypted, its websites had many vulnerabilities, which could have contributed to exploitation, and, perhaps more importantly, Mossack Fonseca did not have a means to detect the movement of all this data out of their enterprise. But still, the actual method of attack and data extraction is not yet known, and we might never know.
But still there is information we can assess relevant to the threat to organizations, especially law firms. At this point we believe it is prudent for all law firms to ask themselves a few questions:
Will hacking groups think all global law firms are as bad as Mossack Fonseca and therefore target them in new, more persistent ways?
- Are your defenses optimized?
- Do you have an insider threat program?
- Are incident response plans tested?
- Are strategic communications plans in place?
- What can be put in place to provide warning of attack?
- Is it time for an external verification of security?
We will continue to track this situation and report on any insights relevant to the threat.
TheBrief: http://bit.ly/20T6ZJh