Too Big for a Cyberattack?

*Company A* invested 500 million euros to find the vaccine for *disease X*. You turn around and hire a group of hackers for $50,000 to go and steal *Company A's* data on the *disease X* vaccine. You release the product and patent your *"invention"*. You have exclusive rights to sell the vaccine for 10 years. You'll earn astronomical revenue from selling *"your"* vaccine without having had to spend 500 million euros. Your profit margin is extraordinary.

Here is the scenario that Bayer's senior management dreads. The global chemical and pharmaceutical giant was the victim of a cyberattack.

While it's hard to say with certainty that the attack was ordered by a particular group, China is currently the number one suspect. There's speculation because the tool used was Winnti, a tool widely used by the APT group, which is funded by the Chinese government as part of its industrial espionage program.

The good instincts of Bayer's IT team allowed them to discover the infection quickly and eradicate it completely from the network. According to their analysis, there were several simultaneous points of infection, which generally indicates that this attack was targeted. However, it remains to be determined whether any collateral damage was done, and whether there are exploits of still-unknown vulnerabilities flying under the radar.

Even though this story seems to come straight out of a movie, the fact remains that an attack, targeted or not, is very real. Taking basic security measures is always the first step. You can generally prevent 90% of attacks with a basic investment in employee training and a company's security tools.

*#### – Matt @ MMO Techno*