The Panama Papers as released this past week are a really huge data dump, in fact one much larger in scale than that of Wikileaks, and the largest to date in history.
The project that resulted in this massive public disclosure, was essentially a cyber security lapse leading to a breach. Following the breach, data exfiltration was executed through leveraging a long known critical failure in the operating system and email servers that were used by the law firm, Mossack Fonseca.
Not only are the Panama Papers a stunning example of a hack that resulted in massive data exfiltration; thus consequently leading to a global reputation breach. But they are also representative of a slow to change cyber security environment in law firms, corporations and organizations globally.
Drupal, a widely used language for databases and other programs has been constantly been providing critical updates since it's inception. Users of Drupal have to make the choice to keep their systems up to date, or as in this case, not.
The utter lack of cyber security protocols like updating a server, or dealing with over 25 issued critical updates to the operating system/servers bring to mind other major hacks like the Target Corporation hack where 60,000 alerts were ignored by corporate IT staff. This is the opposite of what cyber security protocols would dictate.
Law firm IT staff need to be amongst the first to adopt these basics; but often times are not, and many international law firms have mediocre to poor network security. In that area, the Panama Papers could be any law firm, anywhere. The reputation loss suffered by the cyber security lapse and breach could be any law firm's clients, anywhere.
My company Digijaks has been working with clients for years to address the undeniable link between cyber security and reputation control. The Panama Papers simply serve as one more reason why these issues are so connected and so important to both people and organizations.