Story image

Experts discuss implications of massive Paradise Papers leak

10 Nov 2017

The recent news about the huge leak of financial documents has caused waves around the world.

Deemed the Paradise Papers, 13.4 million documents were pilfered and hence revealing how the powerful and extremely wealthy (including some of interests related to President Trump, and the Queen’s private estate) secretly invest monumental amounts of cash in offshore tax havens.

The stories that have emerged from the leak have only just scratched the surface, with many centred on how politicians, multinationals, celebrities and high-net-worth individuals use complex structures of trusts, foundations and shell companies to protect their cash from tax officials or hide their dealings behind a veil of secrecy.

CEO of web security company High-Tech Bridge, Ilia Kolochenko says this seems to be another major hacking case where intruders won’t be found and prosecuted.

“Notwithstanding the allegations of wrong-doing offshore, a crime cannot be justified by investigation of unlawful activities. Victims should explore various legal avenues to claim damages, which may be quite significant,” says Kolochenko.

Global Security Advocate at Digital Guardian, Thomas Fischer says the implications from this leak are going to be severe and wide-reaching.

"Putting aside the fact that the leaked financial details appear to include information about the murky world of offshore finance, for the victims, this leak could have life altering or, at the very least, hugely distressing effects,” says Fischer.

“Ultimately, the breach could trigger serious legal repercussions against Appleby. Data protection should be of the utmost importance in these businesses and yet we have seen a growing number of data breaches in law firms in recent times.”

Kolochenko says law firms in particular have become a very attractive target for cybercriminals.

“Hacking of their clients is quite costly, will likely be detected and investigated, and almost certainly will cause very serious counter-actions. Many law firms still carelessly rely on the law for data protection, but this is in vain,” says Kolochenko.

“Paucity of financial resources and lack of qualified personnel preclude law enforcement agencies from investigating and prosecuting the vast majority of crimes committed in digital space. This creates a very dangerous atmosphere of unlawfulness and impunity in the Internet, undermining trust in the government and its ability to protect our society.”

Both experts say this leak is indication for companies to reconsider their security strategies.

“This latest case reinforces the need for “data aware” security technologies in the legal sector. If Appleby had such technologies in place, it could have prevented its most sensitive data from being copied, moved or deleted without approval or permission,” says Fischer.

“Companies must learn from incidents like this and apply the right methods of protection to their IT environment, with the ability to apply security at the data-level being at the core.”

Kolochenko says this reinforces the need for “data aware” security technologies in the legal sector.

“It may be a good moment to think about imposing obligatory data security standards on law firms and practicing attorneys,” Kolochenko says.

“Their data deserves at least the same level of protection as data of companies under PCI DSS or HIPAA compliance. Otherwise, visiting attorneys will become a very risky practice."

SecOps: Clear opportunities for powerful collaboration
If there’s one thing security and IT ops professionals should do this year, the words ‘team up’ should be top priority.
Interview: Culture and cloud - the battle for cybersecurity
ESET CTO Juraj Malcho talks about the importance of culture in a cybersecurity strategy and the challenges and benefits of a world in the cloud.
Enterprise cloud deployments being exploited by cybercriminals
A new report has revealed a concerning number of enterprises still believe security is the responsibility of the cloud service provider.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.