Touted as “history’s biggest data leak”—with over 2.6 terabytes of information compromised—the “Panama Papers” is one recent data breach that has drawn a great deal of press over the past few weeks. Over 11 million documents were leaked from a renowned Panamanian law firm, Mossack Fonseca, which specializes in offshore holdings. The firm claims their email server was breached, which compromised the files. The papers were obtained by a German newspaper, shared with International Consortium of Investigative Journalists (ICIJ), and revealed over 200,000 offshore companies. It is not yet clear how many of these holdings are facilitating illegal or unlawful activity.
The big question many are asking is, “How did this happen?”
Recent reports show that the law firm’s website was running an outdated WordPress plugin, as well as a vulnerable version of Drupal, but there are still investigations about the matter happening around the globe.
Below, we’ve laid out three of the most common ways nearly every recent data breach has taken place and provided some tips on mitigating these risks.
Breach Technique #1: Data is compromised because of an insider.
This is typically an employee (or former employee) who either intentionally or unintentionally removes sensitive documents or data, which ends up in the wrong hands. This can be a vindictive act, an act of whistleblowing, or something as simple as losing a company laptop or USB drive with sensitive information.
To mitigate this risk: monitor the percentage of employees with “super user” access.
Your goal should be to only provide employees with the level of network access they absolutely need to complete their daily tasks. The majority of employees at most organizations will not need access to the whole network—so it’s very important to pay attention to who has this kind of access and whether it’s necessary. Reducing unnecessary privileges is a great way to reduce risk.
“Yes” or “no” questions won’t help you better understand your vendors’ (or your) cybersecurity posture—but actionable metrics will.
Breach Technique #2: Data is compromised due to an external threat.
This is when a malicious actor exploits a vulnerability in the network and is able to access data. For example, a bad actor could send a spear-phishing email that contains malicious code buried in the attachment. If an employee opens the attachment and downloads the malware onto their system, the bad actor is able to escalate his privileges and bury himself deeper inside the organization to gain the sensitive data he’s looking for.
To mitigate this risk: monitor the number of unpatched known vulnerabilities.
Some bad actors will focus on one particular known vulnerability—whether it’s Heartbleed, LogJam, Freak Attack, or another—and work very hard to exploit it wherever they are able. Therefore, it’s extremely important to patch these network vulnerabilities as quickly as you know about them so you’re less susceptible to these types of attacks. Due to the reports of Mossack Fonseca’s website vulnerabilities, it is likely their data breach falls in this category.
Breach Technique #3: Data is compromised because of an attack targeting your contractor or supply chain.
This is when a bad actor has been able to break into a third party in any way—say, through a spear-phishing email or an insider—and gain access to your data sitting on their network. Often, the first-party organization is unaware that their information has been compromised until months into the hack.
To mitigate this risk: keep track of how many of your critical vendors are continuously monitored.
There are a number of important steps you need to comprise a comprehensive vendor risk management policy, including questionnaires, audits, penetration tests, and vulnerability scans. But these practices don’t give you any insight into what is going on with your third parties each and every day of the year. In today’s risk landscape, the mantra is (and always should be) “Trust, but verify.” Continuous monitoring solutions give you the tools you need to make data-informed cybersecurity decisions.
If there’s one thing you can glean from the whole of recent data breaches—including the Panama Papers, it’s this: You can’t leave your cybersecurity posture to chance. Data is shared with too many third parties and is housed in too many places not to take every precaution available. (If you want to take even more actionable steps toward better cybersecurity, the guide below will help you!)
