Interviews

Panama Papers view

by Mark Rowe

The recent Panama Papers leak should spur boards to reconsider the safeguards they have in place to protect their business critical data, says a secure IT hosting company.

The huge data leak at the start of April saw the offshore law firm, Mossack Fonseca, lose 11.5m files, constituting 2.6 Terabytes of data, after hackers breached its systems. Analysis of the breach suggests that the breach was likely the result of unpatched content management systems (CMSes) which would have exposed the law firm’s private data and rendered it vulnerable to hacks, says The Bunker.

According to Phil Bindley, CTO at The Bunker, the fact that the fourth biggest offshore law firm in the world failed to follow basic security procedures indicates that boards are yet to fully grasp the importance of good information security hygiene.

Phil said: “The Panama Papers are significant for the sheer scale of the leak and the high profile nature of its contents, but the fact is that Mossack Fonseca is just the latest in a long line of companies to have fallen foul of hackers. Despite the resources at their disposal and the sensitivities surrounding the law firm’s line of business, it appears that basic errors were made. What does this tell us about the gap in thinking that still seems to exist in the boardroom even at the world’s fourth biggest offshore law firm? Either boards are failing to listen to information security professionals, or security experts are failing to deliver the right messages.

“Data is the most precious asset of all organisations, from the Intellectual Property (IP) on which their businesses are built, to the Personally Identifiable (PI) data that they hold on behalf of their customers. Some forward thinking businesses have even started to capitalise this data and put it on the balance sheet. This then becomes something that can be valued and protection of said data becomes an exercise in risk management that can be more easily explained to the CEO/CFO.

“Security and compliance is too often looked at as a box-ticking exercise, but the risk with that approach misses the point entirely. It’s not about satisfying the auditors; it’s about making businesses successful, and ensuring that they can continue to succeed. Information security enables businesses to be more competitive, manage risk, protect brand and allow innovation in a controlled manner.

“It is our duty as information security professionals to gain a greater understanding of why this exists and attempt until we are blue in the face to tell businesses why it is essential to have the right people, processes, technology and most importantly culture in our organisations to protect the business, but also to make it more profitable and to support growth in a controlled and sustainable manner.” Visit: www.thebunker.net.

Related News

  • Interviews

    Terror threat reviewed

    by Mark Rowe

    Simpler attacks, involving fewer people and less planning, are becoming more common – including against national security targets, as in Northern Ireland…

  • Interviews

    Hillsborough views

    by Mark Rowe

    After last week’s announcement of Sir John Goldring, the coroner presiding over the inquest into the death of 96 Liverpool supporters at…

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing