Pharmaceutical companies are prime targets for cybercriminals, which is attributed to the large amounts of sensitive and personal data they collect and store. This data is also incredibly valuable as it is often related to pharmaceutical and medial advances, technologies, and sensitive patient information. Additionally, the industry follows strict privacy guidelines regarding the safeguarding of protected health information (PHI) which highlights the need for an effective cybersecurity strategy against pharmaceutical cyber threats. Of course, data breaches are not the whole problem for the pharmaceutical sector, human error can also be devastating.
As companies worldwide continue to embrace digital transformation, pharmaceutical cyber threats continue to adapt and evolve, making cybersecurity and risk mitigation top priorities across the industry. According to statistics, 89% of healthcare organisations have experienced data breaches (with nearly half of them suffering multiple attacks each year). The ongoing pandemic has only escalated cybercriminals’ focus to the industry. It has never been more important to have the right security measures in place as cybercriminals seek to interfere with and take advantage of the research and development of COVID-19 medicine and vaccinations.
Cybersecurity threats faced by pharmaceutical companies in 2021
Intellectual Property Theft
One of the major pharmaceutical cyber threats in 2021 is Intellectual Property theft. This is because, as these companies move toward increased digitisation and the storing of more valuable data online, they are becoming more attractive targets. Distributed networks and acquisitions can create security challenges because sometimes the acquisition targets do not possess adequate security infrastructures. Such acquisitions need to consider best practices as part of connecting to an already complex digital web. Pharmaceutical enterprises often lack visibility, data control, access auditing and compliance reporting throughout their networks and this needs to be tackled.
Cyber espionage and state-sponsored attacks
Pharmaceuticals are prime targets for nation state-sponsored hackers as they own crucial intellectual property on new drugs representing years of research & millions in investment. Cyber espionage has been recognized as another major motivation for state-sponsored hackers attempting to gain technological advantage for their countries’ economies, hence the current debate surrounding the involvement of Chinese telecoms manufacturer Huawei in the rollout of the West’s new 5G mobile communications networks.
Pharma companies right now have to make a choice between evolving with the new era by building a digital organisation or risk becoming less competitive on the market as they fail to embrace this change. This new era of digital transformation also comes with the challenge that it will undoubtedly have a disruptive impact on the industry and the lack of clarity it holds. Digital transformation has resulted in more data than ever being collected and managed online, making the industry a more prominent target for cyber attacks. The process of delivering effective digital transformation and overcoming the related challenges is based on around the companies digital strategy, management and how it fits into the company’s overall activities.
According to Forrester, insider incidents whether they be accidental or malicious, will be a factor in a third of all data breaches in 2021. This will be caused by a combination of the evolution to remote working and the fear of job loss, and the ease with which data can be moved. Untrained employees are a challenge faced by all companies in the pharmaceutical industry. Damage from insider sources can be hard to detect because these threats encompass a wide range of behaviours and motives.
It could be an employee attempting to disrupt operations, looking to earn extra cash by selling data, or a well-intentioned employee who simply sidesteps a company policy to save time. Insider threats bring with them unique security challenges. These challenges stem from the fact that these threats are created by insiders in plain sight and as a result, are extremely difficult to detect. Unlike normal attackers, insiders did not need to “break in” because they already have access to the systems, networks and computers and have knowledge pertaining to the location of critical assets. Additionally, these insiders are already within the confines of the organisations thus making their illicit activities harder to detect via traditional detection methods.
IT/OT convergence and aging OT environments
Legacy software and hardware are typical in pharmaceutical manufacturing. Almost always, these OT devices and systems were not created with security in mind and were dependent on an air gap for separation. As digital innovation and business intelligence gains compel OT networks to converge with IT networks, OT networks are suddenly exposed to the entire threat landscape. These technology advances offer cyber criminals the opportunity to exploit inherited vulnerabilities.