We all have heard about the Symrise ransomware attack, but we need to think that this might be, in my opinion, just the beginning of a full scale directed attack towards a specific Industry.

Looking into a battery of some of the major players in the same Industry as Symrise we could miss noticing that there are dangerous patterns of Behavior observed in that Industry that makes it a likely target for the Cyber-criminals.

Fig 1. - Behavior seen on 12 major companies within the same Industry and Region of Symrise at the SSC

Looking into the external view of this Industry Score we can see that, in average, the companies aren't top performers and they all share common problems.



The site Data Breaches refers to this incident the following way: “ According to Symrise, the perpetrators smuggled a virus into the company's network. Symrise does not provide any information on whether the data was encrypted as a result, as is customary in such attacks. "As far as we know, it is a criminal act with the intention of extortion," said a spokeswoman. Symrise works in conjunction with the State Criminal Police. It is not known what demands the hackers make.

So far, it is also unclear what consequences the attack will have outside the company. Symrise produces fragrances and aromas. Almost no consumer goods company, food producer, or cosmetics manufacturer can live without Symrise supplies. Customers include Danone, Coca-Cola, Henkel, Unilever, L’Oréal, and Nestlé. In addition to supplies for these companies, your data can also be affected by the attack.” Once more the need to understand that your surface of attack stretches beyond your perimeter is clearly highlighted in this case. No company is an isolated island unaffected by someone else’s Cyber-Security performance, we are all connected.

At last, but not least we would like the emphasize the ultimate need for companies like Symrise to have a coherent capability of Incident Response to control de damage and have their systems up and running the fastest possible. These attacks are massive, and a lot of data can be lost but the business needs to keep on going so being able to quickly respond to the incidents 24/7 is vital to these companies and their Supply Chain.