Penetration Testing and Cybersecurity for a Pharma Company
INDUSTRY
Healthcare
SERVICE
Cybersecurity
Black-box penetration testing
"Black-box penetration testing, social engineering and assistance with ISO 27001 and GxP compliance for a pharmaceutical company."
Black-box penetration testing, social engineering and assistance with ISO 27001 and GxP compliance for a pharmaceutical company.
The Client
The client was a multinational pharmaceutical company. With headquarters in Europe and over 50 branches all around the world, the company produces vital medicines that are sold globally. With human lives at stake, pharmaceuticals is one of the most regulated industries. Any threat to the client’s data integrity could endanger the lives of patients, so this industry demands the utmost in security.
What We Delivered
To check if the human factor was involved in the breach, our team used methods of social engineering. A phishing email campaign was sent across all 50 branches of the company to identify employees who use weak password protection and lack cybersecurity awareness. All information was gathered into a detailed report, which also contained instructions on how best to educate employees on cybersecurity.
In order to help the company comply with standards and regulations such as GxP and ISO 27001, we performed a two-stage security audit. It was a custom IP and infrastructure checkup tailored to this particular client, their industry requirements, internal systems, and business needs.
A team of cybersecurity specialists started with external black-box penetration testing to identify potential access points and take immediate measures to protect the system from the repeated breach.
Next, our team of cybersecurity engineers began internal penetration testing. Having access to the office and WiFi, we were able to reach the company’s core systems: ERP software, management team email boxes, and the servers. The vulnerabilities we discovered were sufficient to threaten the very existence of the company should a hacker perform any of a number of operations that could negatively impact their ability to control the budget and logistics, verify various operations, and access crucial sensitive information.
Outcomes & Impact
Our cybersecurity team provided the client with a list of potential weak spots and vulnerabilities along with a set of recommendations on how to eliminate the risks. These were later implemented by the client’s in-house IT team. We recommended the client introduce additional security measures and, with our guidance, their developers were able to strengthen the systems and pass the necessary security certifications.
Let's Build Something Great.
Tell us about your project — we'll find the right path forward.