Recently we were tasked with an investigation for a Pharma client. The client was concerned that a former employee may have stolen and taken data to a competitor. The forensic team visited the site, collected the laptop, preserved the laptop and started the investigation. What they identified was a surprise to the client.
The team ran keywords over the data. Whilst this was running, they identified evidence that the computer user – 4 days before his departure – had copied spreadsheets containing sensitive info about tenders and customers. As expected, we relayed the findings to the client, and they wanted to dig further and see what else we could unearth; therefore, they granted us access to the user’s mailbox to see if there was further evidence of data exfiltration.
Once the keyword search had been completed, we logged the results and spoke with the client. This is where the surprise came; the computer user (ex-employee) came from a Pharma competitor two years ago, copied data off their systems, and placed a copy on our client’s infrastructure. Tender and clinical trial info was taken – this shocked the client, and the legal team got involved. Litigation is ongoing, and what started as a routine investigation morphed into a significant legal case.
The client has now requested Valkyrie to work on lowering the risk of this happening again. As with most sectors, employees often move between employers without issues, and the pharmaceutical field is no different. However, some individuals leave disgruntled for whatever reason and may use any edge they have to gain a competitive advantage.
We discussed with the client that technology had enabled organisations and individuals to store vast amounts of info, and because of this, access to this info must be made available. We discussed in detail with them a comprehensive approach, and it’s not just the laptops that need to be looked at, but the whole infrastructure to ensure the data is secure and a transparent audit process is in place to see who has accessed the data.
It was essential to show what risks there are for our client as this will lower the risk of a security breach in the future. As a business, you need to have backups and a solid incident response plan that relies on technology, people, and processes to ensure that a layered approach works as best as possible. The company culture needs to take security seriously. You must ensure that you/your staff know the reality of cyberattacks and the importance of protecting data. The best way to approach cybersecurity is to be proactive instead of reactive. The matter is still ongoing – let’s see what else we uncover.