Whodunnit? The Real Question in the Offshore Financial Data Leak Story

Anthony Di Bello

Yesterday's report of a massive data leak exposing the secrets of a vast offshore financial system that enables more than 100,000 of the planet’s richest and most well-connected citizens to avoid paying taxes poses a number of interesting questions. The media and the International Consortium of Investigative Journalists, to whom a flash drive containing the files was mailed, have had a field day pushing “massive data leak” and “offshore tax havens” headlines, but information security professionals know that the provenance of this data leak is potentially as big a story as politicians involved in scandalous relationships with African dictators.

Information security or internal investigations teams at the affected financial organizations may or may not have the analytics capability in-house to determine whether one of their employees working on a company machine copied a significant stash of their very private account holders’ personally identifying information (PII).

Ideally, an important first step would be to capture the data from that smoking thumb drive in a way that preserves the evidence. Investigators could then forensically examine the metadata, the header, and other hidden artifacts to pinpoint the culprit, and send them to jail.

Today’s news reminds us that internal threats can be as damaging to an organization’s reputation as cyber attacks. Endpoint forensic and analytic capabilities should be at the top of every CISO’s must-have list.
