Companies investigating hacks put too much emphasis on technology and too little on business analysis. Organizations should look closely into accounting anomalies as they could be indicators of a breach. In an article by Dune Lawrence in Bloomberg Businessweek, Jeffrey Johnson, President & CEO at SquirrelWerkz and recent presenter at The U.S.-China Economic and Security Commission (USCC) said “All this time we’ve been focused on the technology layer, but it’s just a means to an end.” “What we forgot to do was to focus on the business transactions.” In 2012, Johnson was asked to examine a breach at a U.S. chemical company. An earlier investigation by the FBI concluded that Chinese hackers had penetrated the company’s network using a phishing email and gained control of servers.
Dune Lawrence explained that as Johnson began digging into the company’s business plans and operational data, it became clear the damage was more extensive and insidious. He uncovered evidence that the hackers were intercepting inbound orders, as well as outbound e-mails with price quotes and other terms. They also tampered with the ordering system for raw materials, causing production delays, and made off with valuable research related to a line of environmental products. The likely beneficiary of all the malicious activity emerged, Johnson says, when a Chinese firm made a low-ball offer for the U.S. company after its performance began faltering as a result of the hack.
Look closely at each financial statement line item for anomalies and ask for professional help to investigate if something seems to be amiss.