Pharma exec credential breach

The online credentials for 68% of pharmaceutical executives analyzed for a study have been compromised recently.

The study, conducted by cybersecurity firm Blackcloak, found that the email accounts of over two-thirds of pharmaceutical executives had been compromised within the last five to ten years. Of the compromised emails, 57% were found on the dark web and had been either cracked or stored in plaintext format.

While the primary source (85%) of the email account information was a 2015 data breach of the professional social network LinkedIn, Blackcloak CEO Dr. Chris Pierson assigns much of the blame to weaker cybersecurity via personal devices and accounts belonging to executives, referring to it as “the path of least resistance” for hackers.

“Hackers and cybercriminals spot the opportunity to effortlessly gain access and control over the executives’ home network, enabling them to migrate into the company network from that point. Every day the executive brings their company home, where the security controls are nonexistent and weak ‒ so every night, their corporate networks and company are at risk for a cyberattack,” wrote Pierson.

C-suite executives have been a frequent target for hackers and scammers, but Pierson identified some vulnerabilities specific to the pharmaceutical industry.

“In the pharmaceutical world, executives appeared to move from job to job across a tier of companies and with this they brought their old passwords with them and showed consistent use over a period of sometimes 15 years of same and/or similar passwords,” wrote Pierson.