The Panamanian legal firm Mossack Fonseca’s leak exposes a systemic security lapse. In revealing the obscenely wealthy businessmen and heads of states that used the firm to avoid taxes, the Panama Papers brings security awareness to the forefront. By releasing 2.6 terabytes of data, it highlights damage caused by a longstanding security void.
The staggering quantity smashes Edward Snowden’s record by 1,500 times. The amount divulged shows a complete absence of access management controls. The data included 11.5 million confidential documents, 4.8 million emails, three million database records, and 2.1 million PDF files. Next month, hacktivist plan to release the complete list of Mossack Fonseca’s clients. Their promise adds insult on top of the embarrassment and credibility loss. The leak magnifies the law firms’ unpreparedness even while representing the extremely wealthy.
Panama Papers Security Breach One Email Server
The BBC News reports for forty years Mossack Fonseca helped clients launder money and avoid taxes. The incident should trigger far-reaching changes to contain lawless firms and their customers. The monumental amount of data accentuates the importance of protecting customer data. Without access management controls, organizations are limited in preventing and remediating attacks. In this case, just one email server spilled all of the firm’s covert money laundering schemes.
What’s different about the largest cyber breach ever? Chelsea Manning and Edward Snowden’s WikiLeaks were ‘insider jobs’. The Panama Papers almost certainly resulted from external hacktivists.
Access Management Information Security Controls
Access management controls help prevent unauthorized collection, use, and distribution of information. It restricts and enforces access management governance and SoD policies. Access management provides an audit record and streamlines security reviews. It can remove access privileges automatically and in real time. Core Identity and Access Management security controls include the following capabilities:
Access Management: Notify managers, approvers, users and administrators in real-time of suspicious activity. Log access to systems, enterprise applications, and cloud services. Assert control over users and their requests based on rules and policies you configure.
Password Management: Improve security by immediately notifying employees and IT staff of suspicious activity. Additionally by logging every operation such as self-service password resets, assisted resets, account unlocks, enrollments, and de-activations your organization’s security becomes accountable.
Single Sign-On: Automate directory synchronization across your enterprise and cloud applications. Enable, deploy, and maintain your information security controls through an on-premise Directory. Ensure your accounts, groups and passwords are current; leverage your authoritative source directory.
Group Management: Automate group membership access to applications and email distribution based on business rules and security policies. Continuously, monitor group integrity, detect potential security exceptions as they happen and send notifications.
Access Certification: Reduce security threats by automating recertification access. Support on-demand and scheduled user lifecycle and event-triggered attestations certification and access reviews. Offer a secure configurable framework for managing and authenticating application logins.
Multifactor Authentication: Integrate two-factor and multifactor authentication into access management and password management controls. Add security to your applications without interrupting operations through one-time password tokens, SMS, questions, smart cards, and email authentication.
Orphaned Accounts: Detect and remove stale user accounts across Active Directory, LDAP, and relational database management systems outside of policies and security operations. Prevent the formation of a cyber attack beachhead on your networks.
Leadership and Information Security Controls
Ignorance of the law and ethics are inexcusable defenses. Ignorance of information security applies also. With billion-dollar money laundering enabling the wealthiest to hide graft and corruption, the Panama Papers reinforces the need for leadership accountability and information security controls. When heads of state and a nation’s wealthiest individuals circumvent laws to avoid taxes, they deny citizens of human services, modern transportation, quality schools, and a whole lot more.
All citizens are accountable for obeying tax laws. This money hopefully gets invested into the communities and countries where we live and work. For starters, it goes to national defense, health care, income security, debt, veterans, education, and law enforcement. When heads of state and a nation’s wealthiest individuals refuse to contribute, talented people with a cause will find a way to expose the truth. For every citizen, the best way to prevent a security breach of this magnitude is quite simple. Never engage in money laundering in the first place.
Begin your identity and access management initiative by following expert recommends for business process workflow automation, self-service administration and IT security. Start now with the most cost effective information security controls available to enterprises, government agencies, and universities.