Story image

Experts discuss implications of massive Paradise Papers leak

10 Nov 2017

The recent news about the huge leak of financial documents has caused waves around the world.

Deemed the Paradise Papers, 13.4 million documents were pilfered and hence revealing how the powerful and extremely wealthy (including some of interests related to President Trump, and the Queen’s private estate) secretly invest monumental amounts of cash in offshore tax havens.

The stories that have emerged from the leak have only just scratched the surface, with many centred on how politicians, multinationals, celebrities and high-net-worth individuals use complex structures of trusts, foundations and shell companies to protect their cash from tax officials or hide their dealings behind a veil of secrecy.

CEO of web security company High-Tech Bridge, Ilia Kolochenko says this seems to be another major hacking case where intruders won’t be found and prosecuted.

“Notwithstanding the allegations of wrong-doing offshore, a crime cannot be justified by investigation of unlawful activities. Victims should explore various legal avenues to claim damages, which may be quite significant,” says Kolochenko.

Global Security Advocate at Digital Guardian, Thomas Fischer says the implications from this leak are going to be severe and wide-reaching.

"Putting aside the fact that the leaked financial details appear to include information about the murky world of offshore finance, for the victims, this leak could have life altering or, at the very least, hugely distressing effects,” says Fischer.

“Ultimately, the breach could trigger serious legal repercussions against Appleby. Data protection should be of the utmost importance in these businesses and yet we have seen a growing number of data breaches in law firms in recent times.”

Kolochenko says law firms in particular have become a very attractive target for cybercriminals.

“Hacking of their clients is quite costly, will likely be detected and investigated, and almost certainly will cause very serious counter-actions. Many law firms still carelessly rely on the law for data protection, but this is in vain,” says Kolochenko.

“Paucity of financial resources and lack of qualified personnel preclude law enforcement agencies from investigating and prosecuting the vast majority of crimes committed in digital space. This creates a very dangerous atmosphere of unlawfulness and impunity in the Internet, undermining trust in the government and its ability to protect our society.”

Both experts say this leak is indication for companies to reconsider their security strategies.

“This latest case reinforces the need for “data aware” security technologies in the legal sector. If Appleby had such technologies in place, it could have prevented its most sensitive data from being copied, moved or deleted without approval or permission,” says Fischer.

“Companies must learn from incidents like this and apply the right methods of protection to their IT environment, with the ability to apply security at the data-level being at the core.”

Kolochenko says this reinforces the need for “data aware” security technologies in the legal sector.

“It may be a good moment to think about imposing obligatory data security standards on law firms and practicing attorneys,” Kolochenko says.

“Their data deserves at least the same level of protection as data of companies under PCI DSS or HIPAA compliance. Otherwise, visiting attorneys will become a very risky practice."

Slack doubles down on enterprise key management
EKM adds an extra layer of protection so customers can share conversations, files, and data while still meeting their own risk mitigation requirements.
Security professionals want to return fire – Venafi
Seventy-two percent of professionals surveyed believe nation-states have the right to ‘hack back’ cybercriminals.
Alcatraz AI to replace corporate badges with AI security
The Palo Alto-based startup supposedly leverages facial recognition, 3D sensing, and machine learning to enable secure access control.
Unencrypted Gearbest database leaves over 1.5mil shoppers’ records exposed
Depending on the countries and information requirements, the data could give hackers access to online government portals, banking apps, and health insurance records.
Mozilla launches Firefox Send, an encrypted file transfer service
Mozille Firefox has launched a free encrypted file transfer service that allows people to securely share files from any web browser – not just Firefox.
Ransomware’s decline equals cryptomining’s rise
ESET’s Security Days Conference recently took place to go over the current threat environment and what to look out for next.
IoT and DDoS attacks: A match made in heaven
A10 Network’s Adrian Taylor uses findings from a number of reports to illustrate his point that advances in technology are facilitating cybercrime.
ForgeRock launches Sandbox-as-a-Service to facilitate compliance
The cloud-based testing environment for APIs enables banks to accelerate compliance with Open Banking and PSD2 deadlines.