The State of Security: Panama Gate
It’s already being christened by Ed Snowden as the biggest data breach ever in data journalism, the 2.6 terabyte leak of the Panama Papers that exposes the ugly, shadowed underbelly of a globalized corporate finance system. Already, Icelandic Prime Minister Sigmundur Gunnlaugsson has resigned after being named in the documents. Debates will rage about whether the system as a whole is broken, investigations will occur into the individuals and companies named, all while more and more of the 11.5 revealing documents are examined and reported over the coming months.
What it also reveals, and what is likely to be less discussed, are the security implications of this event. The firm that was breached, Panama offshore firm Mossack Fonseca, was involved in apparent tax evasion and money laundering from wealthy, high powered elites; as such, you would expect protection for the firm’s customers to be a first rate, impregnable shield, akin to the infamous image of the Swiss bank account. Make no mistake, this is not a defense of anyone caught doing anything illicit from this data dump, but only a musing on what it might mean for other organizations worldwide.
Other law firms have taken particular note of recent events, especially as the Panama Papers comes on the heels of a spree of attacks on 48 prestigious law firms last month, including Cravath Swaine & Moore LLP and Weil Gotshal & Manges LLP: firms that have as clients Wall Street banks and Fortune 500 companies. Others were also compromised, and hackers threatened to attack even more online, despite a lack of clarity of how extensive the breaches were and what information was stolen. Perhaps insider trading was the goal, as firms hold sensitive information about their corporate clients, such as details about mergers and acquisitions. Either way, Benedict Hamilton, a managing director at risk consultant Kroll Experts, believes that law firms need to significantly improve their defenses, and that they’re not doing nearly enough as it stands. Philip Lieberman, president of Lieberman Software, gives credit to some entities with “excellent automated and adaptive cyber defence capabilities,” and indeed 75 firms have joined an information-sharing group to disseminate information about cyberthreats and other vulnerabilities begun last year; still, “many are stuck in the dark ages of wigs, candles to read by, and quill pens to write with.”
I guess the main takeaway from all this is, no matter who you are—whether a head of state or an everyday consumer—no one is safe. It is incumbent on an organization to optimize their defense to protect whatever information has been entrusted to them; moves like those taken by Whatsapp, who recently reinforced their encryption settings in the wake of the Apple debate, underscore the priority this need should take. Wealth, fame and power are not only insufficient obstacles for hackers, they may even put the bullseye on one’s back.