Paradise Papers - additional expert comments
November 2017 by Mark Sangster, VP and Industry Security Strategist at eSentire
Additional commentary from Mark Sangster, VP and Industry Security Strategist at cyber security company eSentire, on the Paradise Papers: 13.4M leaked documents (1.4TB of data) were obtained by the German newspaper Sueddeutsche Zeitung and shared with the International Consortium of Investigative Journalists and a network of more than 380 journalists in 67 countries. The documents were published, revealing numerous leading politicians who were legally sheltering funds from tax in offshore accounts.
Below are some additional comments from Mark:
"Law firms are privy to a myriad of confidential information that can be used to front run trades, evade prosecution or perhaps topple governments (or at least select politicians). Last year's attack on the Wall Street law firms Cravath Swaine & Moore LLP and Weil Gotshal & Manges LLP demonstrated how stolen information such as FDA filings and press releases could be used to front run trades.
The Paradise Papers represent the next evolution of the Panama Papers. Even tax law information can be monetized or weaponized by (self-proclaimed) ethical hackers. Even some sleepy law firm in a tropical paradise could house the type of information that can destabilize a government or ruin the career of elitist politicians and socialites.
The Paradise Papers should serve as a warning for law firms that have built a cyber practice on a strategy of loss and recovery. All too many firms take out cyber insurance while retaining disaster recovery services to restore their data and infrastructure after an attack. No amount of insurance, back-up systems or business continuity plans can put the genie back in its bottle.
This event, allegedly conducted by external hackers, could likely have been detected and mitigated. What ends in a business-disrupting event often begins with a click on a harmless-looking link. Sometimes it involves complex social engineering, credential harvesting and clandestine operations inside the network to locate and slowly exfiltrate valuable data.
The simple steps below should be applied today to improve a firm's security rigor and protect against the rudimentary attacks that can lead to large-scale breach events:
Reduce the threat surface:
Ensure patches are up-to-date
Configure IPS and firewall policies to reject information gathering events
Enforce acceptable use policies and couple those with continuous user education
Disrupt the tradecraft:
Deny known open-source tools used for external scanning
Change default configurations and passwords
Focus on patching the most exploitable vulnerabilities first"
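The "reject information gathering events" step above is the one most firms can act on from the logs they already collect. The following is an added example, not part of Mark Sangster's comments and not eSentire's tooling: a small Python detector that reads firewall log lines, finds any source that touches an unusually large number of distinct destination ports inside a sliding time window (the classic signature of reconnaissance before an attack), and emits a block rule for it. The log line format, the IP addresses and the timestamps are constructed for the example; the iptables chain name in the generated rule is an assumption.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample firewall log (not from the page). One event per line:
#   <ISO timestamp> src=<ip> dst=<ip> dport=<port> action=<ALLOW|DENY>
# 203.0.113.7 sweeps 12 ports in 11 seconds (fast scan),
# 198.51.100.77 touches 5 ports over 4 hours (slow, low-and-slow probing),
# 192.0.2.5 is an ordinary client using 443 and 80.
SAMPLE_LOG = """\
2017-11-06T09:00:01 src=203.0.113.7 dst=198.51.100.10 dport=21 action=DENY
2017-11-06T09:00:02 src=203.0.113.7 dst=198.51.100.10 dport=22 action=DENY
2017-11-06T09:00:03 src=203.0.113.7 dst=198.51.100.10 dport=23 action=DENY
2017-11-06T09:00:04 src=203.0.113.7 dst=198.51.100.10 dport=25 action=DENY
2017-11-06T09:00:05 src=203.0.113.7 dst=198.51.100.10 dport=53 action=DENY
2017-11-06T09:00:06 src=203.0.113.7 dst=198.51.100.10 dport=80 action=ALLOW
2017-11-06T09:00:07 src=203.0.113.7 dst=198.51.100.10 dport=110 action=DENY
2017-11-06T09:00:08 src=203.0.113.7 dst=198.51.100.10 dport=135 action=DENY
2017-11-06T09:00:09 src=203.0.113.7 dst=198.51.100.10 dport=139 action=DENY
2017-11-06T09:00:10 src=203.0.113.7 dst=198.51.100.10 dport=443 action=ALLOW
2017-11-06T09:00:11 src=203.0.113.7 dst=198.51.100.10 dport=445 action=DENY
2017-11-06T09:00:12 src=203.0.113.7 dst=198.51.100.10 dport=3389 action=DENY
2017-11-06T09:05:00 src=192.0.2.5 dst=198.51.100.10 dport=443 action=ALLOW
2017-11-06T09:05:03 src=192.0.2.5 dst=198.51.100.10 dport=443 action=ALLOW
2017-11-06T09:06:10 src=192.0.2.5 dst=198.51.100.10 dport=80 action=ALLOW
2017-11-06T09:07:00 src=192.0.2.5 dst=198.51.100.10 dport=443 action=ALLOW
2017-11-06T10:00:00 src=198.51.100.77 dst=198.51.100.10 dport=22 action=DENY
2017-11-06T11:00:00 src=198.51.100.77 dst=198.51.100.10 dport=80 action=ALLOW
2017-11-06T12:00:00 src=198.51.100.77 dst=198.51.100.10 dport=443 action=ALLOW
2017-11-06T13:00:00 src=198.51.100.77 dst=198.51.100.10 dport=8080 action=DENY
2017-11-06T14:00:00 src=198.51.100.77 dst=198.51.100.10 dport=8443 action=DENY
this line is deliberately malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) "
    r"dport=(?P<dport>\d+) action=(?P<action>ALLOW|DENY)$"
)


@dataclass(frozen=True)
class Alert:
    src: str             # source address that performed the sweep
    distinct_ports: int  # most distinct ports seen from it inside one window
    window_start: datetime


def parse_line(line):
    """Return a dict for a well-formed event, or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # never let one bad log line stop the detector
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "src": m["src"],
        "dst": m["dst"],
        "dport": int(m["dport"]),
        "action": m["action"],
    }


def detect_port_sweeps(lines, threshold=10, window_seconds=60):
    """Flag every source that touches >= threshold distinct ports within window_seconds.

    Denied and allowed connections both count: a scanner learns as much from a
    refused port as from an open one, so the firewall verdict is irrelevant here.
    """
    window = timedelta(seconds=window_seconds)
    events = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev:
            events[ev["src"]].append((ev["ts"], ev["dport"]))

    alerts = []
    for src, evs in events.items():
        evs.sort()                      # sliding window needs time order
        best_count, best_start = 0, None
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1              # drop events that fell out of the window
            distinct = len({port for _, port in evs[start:end + 1]})
            if distinct > best_count:
                best_count, best_start = distinct, evs[start][0]
        if best_count >= threshold:
            alerts.append(Alert(src, best_count, best_start))
    return sorted(alerts, key=lambda a: a.src)


def block_rules(alerts):
    """Render one drop rule per flagged source (INPUT chain is an assumption)."""
    return [f"iptables -A INPUT -s {a.src} -j DROP" for a in alerts]


if __name__ == "__main__":
    found = detect_port_sweeps(SAMPLE_LOG.splitlines())
    for a in found:
        print(f"{a.src}: {a.distinct_ports} distinct ports from {a.window_start}")
    print("\n".join(block_rules(found)))
```

With the defaults (10 ports in 60 seconds) only the fast sweep from 203.0.113.7 is flagged; the slow prober is invisible until the window is widened to hours and the threshold lowered, which is the trade-off any IPS policy for "information gathering" has to make between catching patient scanners and generating noise from ordinary clients.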