If you read the news these days, there always seems to be a new article about a data breach, virus or hacking threat. They are usually about large companies (remember Anthem’s identity theft breach where tens of millions of SSNs were stolen?) but multinational corporations aren’t the only ones being targeted. Even small to mid-sized companies get hit - we have seen an increasing number of targeted attacks on some of our very own biotech clients. There are two threats in particular I want to share:
CEO “Urgent Request” Email Scam
While your finance department is probably clever enough not to go sending millions of dollars to someone emailing them claiming to be a Nigerian Prince, what about a supposed request from a “CEO?”
We have had more than a dozen reports from various companies of a finance person receiving an email from what appears to be the CEO asking them either to wire money to an account provided via an attached document or to send the information needed to wire money. The email says that it is an incredibly time-sensitive or “critical” matter: they need to do this now and the CEO will explain the reason for the urgency later.
Fortunately, each employee that received the email suspected something was not quite right and went to confirm with the actual CEO (who was understandably surprised). The emails had been spoofed by an outside party and carefully crafted to look legitimate. In some of the emails, the request was for $40,000 (or more) - a costly mistake to make without proper awareness. Since this is not a virus or malware, awareness is the best defense against this hoax. We highly recommend having discussions with your finance team about this threat and always being on the lookout for suspicious emails or pop-ups of any type.
Hacker Group Targeting Biotechs and Pharmaceuticals
There is a hacker group out there (that I will not name) that has been focused on targeting companies in the healthcare and pharmaceutical industry. They are particularly interested in gaining knowledge of M&A deals or major market-moving announcements of public companies – very lucrative knowledge for someone interested in stock trading or investing. When I first read an article about this hacker group, I assumed that their focus would be on large, Fortune 1000 companies - but this is not the case. Even small biotech companies and startups pose lucrative opportunities and have been starting to report attacks. The attacks to gain information have been coming in multiple ways - from creative spearphishing attempts, to lure documents, to social engineering.
Due to the rise in these types of threats, companies need to really start to put an emphasis on security. Just because you aren’t a Fortune 1000 company does not mean you are not a potential target. That is precisely why these hackers are targeting smaller (and unsuspecting) companies.
It’s time to take a step back and make sure you’re taking all the reasonable precautions to protect the intellectual property and integrity of your company. Just installing some type of antivirus is not enough. A strategic approach will include enterprise-class firewalls with Intrusion Detection System (IDS) abilities, secure wireless networks with properly set up guest and mobile access, managed antivirus/antimalware software, security updates to systems, and end-user awareness. A multipronged approach is your best defense, and working with a knowledgeable IT partner is a great first step. To learn more about choosing an IT partner, check out our free guide: The Ultimate Small Business Guide to IT Outsourcing.