SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
Experts discuss implications of massive Paradise Papers leak
Fri, 10th Nov 2017
FYI, this story is more than a year old

The recent news about the huge leak of financial documents has caused waves around the world.

Deemed the Paradise Papers, 13.4 million documents were pilfered and hence revealing how the powerful and extremely wealthy (including some of interests related to President Trump, and the Queen's private estate) secretly invest monumental amounts of cash in offshore tax havens.

The stories that have emerged from the leak have only just scratched the surface, with many centred on how politicians, multinationals, celebrities and high-net-worth individuals use complex structures of trusts, foundations and shell companies to protect their cash from tax officials or hide their dealings behind a veil of secrecy.

CEO of web security company High-Tech Bridge, Ilia Kolochenko says this seems to be another major hacking case where intruders won't be found and prosecuted.

“Notwithstanding the allegations of wrong-doing offshore, a crime cannot be justified by investigation of unlawful activities. Victims should explore various legal avenues to claim damages, which may be quite significant,” says Kolochenko.

Global Security Advocate at Digital Guardian, Thomas Fischer says the implications from this leak are going to be severe and wide-reaching.

"Putting aside the fact that the leaked financial details appear to include information about the murky world of offshore finance, for the victims, this leak could have life altering or, at the very least, hugely distressing effects,” says Fischer.

“Ultimately, the breach could trigger serious legal repercussions against Appleby. Data protection should be of the utmost importance in these businesses and yet we have seen a growing number of data breaches in law firms in recent times.

Kolochenko says law firms in particular have become a very attractive target for cybercriminals.

“Hacking of their clients is quite costly, will likely be detected and investigated, and almost certainly will cause very serious counter-actions. Many law firms still carelessly rely on the law for data protection, but this is in vain,” says Kolochenko.

“Paucity of financial resources and lack of qualified personnel preclude law enforcement agencies from investigating and prosecuting the vast majority of crimes committed in digital space. This creates a very dangerous atmosphere of unlawfulness and impunity in the Internet, undermining trust in the government and its ability to protect our society.

Both experts say this leak is indication for companies to reconsider their security strategies.

“This latest case reinforces the need for “data aware” security technologies in the legal sector. If Appleby had such technologies in place, it could have prevented its most sensitive data from being copied, moved or deleted without approval or permission,” says Fischer.

“Companies must learn from incidents like this and apply the right methods of protection to their IT environment, with the ability to apply security at the data-level being at the core.

Kolochenko says this reinforces the need for “data aware” security technologies in the legal sector.

“It may be a good moment to think about imposing obligatory data security standards on law firms and practicing attorneys,” Kolochenko says.

“Their data deserves at least the same level of protection as data of companies under PCI DSS or HIPAA compliance. Otherwise, visiting attorneys will become a very risky practice."