Aside from exposing the way that the rich and famous manage their finances to avoid paying their fair share of taxes, the Paradise Papers for me highlights another issue. An issue that has not really been discussed in any depth by the media, I would assume that it is because it is not as exciting but is of fundamental importance to us all. An issue that is prevalent in many companies… Data Leakage!
Appleby tell us that the leak was due to ‘unauthorised outside forces gaining access to their network to steal data' and it looks like the media simply accepted that to be the case. In my opinion, this breach, given the sheer volume of data exposed was most likely performed by an insider, not some ‘State Funded Hacker Group' or a ‘Dark Net Operator' intent on exposing the personal finance arrangements of the top one percent but an individual within Appleby who, rightly or wrongly, had access to all of this data and felt that it should be exposed to the world.
This raises several questions, as it should for all organisations, including Appleby itself about how you manage, control and report on access to your sensitive data.
Why don't I know this already?
It has long been the case that anything to do with Security, Access Rights Management and Networking systems would fall directly at the feet of the IT Department within an organisation. I have heard the following comment many times over the years ‘Oh that's IT' or words to that effect. What we need to accept is this is not an IT issue, it is a business issue. I believe this is why we are still asking the same questions over and over because the business does not understand the importance of and how to secure their most precious possession, their data.
Given the ability to use the rights tools, IT will build a solution to help the business fix the issue of uncontrolled Access Rights Management but it still remains a business issue.
With GDPR and the UK Data Protection Bill getting a lot of airtime in the media it does seem that we are turning a corner in regards to awareness at senior levels of business and this can only be a good thing for everyone.