Skip to content

Entrepreneur Academy

Sep 1, 2022

Cybersecurity poses a significant risk to life sciences startups that handle personal identifiable information. In this video, you’ll learn about the risks facing your business and how you can protect your clients and systems.


Rahul Mahna:

By way of background and introduction, my name is Rahul Mahna, and I'm the managing director of the cybersecurity practice at EisnerAmper. What is my job? My job is essentially to protect our clients from the bad guys. In particular, today, I want to talk about life sciences. Life sciences is a very interesting sector that we're seeing a lot of different traffic in. Cybersecurity remains the highest element of risk that many of these organizations face today. Building a cyber resilience program is more important than ever, but it's also important to know who you're trying to protect your systems from.

Right now, the bad guys are coming from all over the world. You see them as hacktivists, hackers with political agendas. You see them as nation state actors with countries that don't seem to like the US and others trying to attack in different methods and means. You see organized crime with gangs and mobs that are trying to do illicit methods and things on the internet.

There's no place it stops or starts for malware and ransomware at this point. Recent statistics provided by WatchGuard Security shows a malware attack happens every two seconds in the US right now. It's pretty amazing what's happening. When you look at who these attackers are trying to target, it's clear that the top four areas that keep coming up are health care, life sciences, financial services, and technology providers. In a recent attack, a hospital was targeted ruthlessly and demanded ransomware just to keep the emergency systems running regardless of the patient needs. Because life sciences is such a highly targeted vertical sector, it contains so much personal information, that hackers focus in on this sector like it carries gold.

One way hackers try to get access to personal information is through the dark web. The dark web is where usernames and passwords are compromised and they can be purchased and rented or sold. What an attacker can do with these compromised credentials is install malware on various systems, they can send spam from these email accounts and they can also deface website properties and host malicious content. They finally can exfiltrate data that they can find and perpetrate it as identity theft.

It's incredibly important for organizations focused in high profile sectors like life sciences to have a very, very strong cyber resilience program in place. Employee training is paramount to protecting an organization. Cybersecurity training, password training, education as an awareness of ransomware are just a few topic areas that are very, very essential. For the overall organization, there should be multiple layers of security and frequent risk assessments and vulnerability scanning performed to ensure these organizations are in proper tip top shape for their cyber program.

In conclusion, cybersecurity isn't just a function within your IT department. It could prevent truly significant operational reputational damage. If you have any questions or concerns, please feel free to start a conversation with us.

Entrepreneur Resource Hub

EisnerAmper’s Entrepreneur Academy “EA2” offers early-stage startups continuous learning opportunities—from fundraising to mitigating risk to growing their businesses.

View More Insights

What's on Your Mind?

a man in a suit

Rahul Mahna

Rahul Mahna is a Partner in the firm and leads the Outsourced IT Services team with over 20 years of experience in IT technologies, software development and cybersecurity services.

Start a conversation with Rahul

Receive the latest business insights, analysis, and perspectives from EisnerAmper professionals.