2020 has been a year when pharma companies have been in the spotlight. The unprecedented COVID-19 pandemic, while shuttering offices and impacting lives across the globe, led to an immediate upsurge in interest for a potential vaccine. With much research and movement happening on the latter, the world’s attention has shifted towards pharmaceutical companies, who will be playing a key role in the development, packaging and distribution of this much-awaited vaccine.
At Seqrite, we had noted this early in the onset of the pandemic and had analyzed in May how the pharma industry faced a unique challenge in terms of cybersecurity – how could remote workforces in this industry operate while staying digitally safe? In an article published in 2019, a key challenge for the larger healthcare industry that was analyzed was the threats it faced from cyberattacks, including ransomware.
A recent spate of cyberattacks on pharma companies
The last few weeks have proved that these fears were not unfounded. In October, Hyderabad-based Dr. Reddy’s, a significant player in India’s pharmaceutical industry who recently got permission to conduct clinical trials for Russia’s Sputnik V vaccine, was hit by a ransomware attack. A few weeks later, Lupin, another pharma company from Mumbai, disclosed that it was hit by a cyberattack that affected its IT systems.
This is a worldwide trend with malicious cyberattackers, sometimes employed by nation-states, capitalizing on the worldwide focus on COVID-19 and looking to steal important data. US security officials accused Chinese government-linked hackers of targeting American biotech company Moderna which is also working on a vaccine. Japanese coronavirus vaccine projects have also been hit by cyberattacks while South Korea also reported that they foiled a North Korean attempt to hack into vaccine research companies.
These numbers are reflected in Seqrite’s Threat Report for Q3 2020 where healthcare ranked fifth in the list of industries in terms of malware detection count. Pharma is a particularly sensitive industry, more so in these times with the world’s hopes riding on a successful vaccine that can end the pandemic. Due to the sensitive and valuable nature of data possessed by pharma companies, the risk of cyberattacks via ransomware, Advanced Persistent Threats (APT), Insider Threats and others is high.
To ensure they give themselves the best chance of protection, pharma companies should ensure they are absolutely focused on their security mechanisms and take cybersecurity very seriously.
People, Processes & Technologies
Effective cybersecurity is managing the risks associated with three important components of an enterprise: People, Processes & Technologies. At this juncture, pharma companies must ensure they have a complete understanding of the present security structure within their respective organizations. Implementation of new processes and technologies can only happen when the present gaps, whether in terms of people or processes, are identified.
Data is a pharma company’s biggest asset and hence a key step would be to have strict access controls and categorization of confidential data. A holistic approach should include a strict audit and assessment process which should then translate into an approach that is more oriented towards incident prevention rather than simply focusing on incident response.
Seqrite Endpoint Security, recently certified by AV-Test as the Top Product for Windows, offers a suite of solutions that offers cutting-edge protection catered towards the pharmaceutical enterprise to protect its network and connected devices.