Stakes of security especially high in pharmaceutical industry

Pharmaceutical companies face a special level of responsibility, as it is essential that consumers are able to trust in their prescription drugs and related medical treatments, and that patients are able to reliably access them while also having their data privacy protected.


Devising and properly executing strong cybersecurity programs is an imperative that overlaps virtually all industries and sectors, but pharmaceutical companies face a special level of responsibility. It is essential that consumers are able to trust in their prescription drugs and related medical treatments, and that patients are able to reliably access them while also having their data privacy protected.

It is no exaggeration to say that accessing the treatments pharmaceutical companies develop and distribute can be a matter of life and death to consumers, so the need to protect the integrity and availability of those products cannot be overstated. This is particularly true in an era in which big data enables personalized medicine and can be used to provide personalized drug prescriptions, which can be fatal if their integrity is breached.

Adding to the societal responsibility of keeping pharmaceutical products secure, the financial stakes are high. The pharmaceutical industry is an enormous source of revenue (continuing to grow from its estimated US $934 billion global market value in 2017, according to The Business Research Company), so it is no surprise that pharmaceutical organizations are a popular target for cybercriminals. They are drawn to the possibility of stealing not only proprietary data but also the related intellectual property, which provides insights on business processes that could yield a lucrative competitive edge. The pharmaceutical and biotech industry is among the most targeted by cybercrime, according to a Detica report in partnership with the UK’s Office of Cyber Security and Information Assurance.

Opportunities to act on these bad intentions are growing as pharmaceutical organizations pursue new delivery methods and modernizations to the supply chain. These advancements have the potential to deliver improved customer experiences and open new revenue streams, but they also expand the threat landscape for cyberattacks.

One promising example of such digital transformation is in South Africa, where a network of self-service pharmacies, designed to relieve congestion in the country’s medical system, was recently established. The upside of this innovation is clear – in addition to lightening the burden on the country’s strained healthcare resources, it can expand access to treatments fighting HIV and other chronic illnesses – but pharmaceutical companies and regulating bodies must be sure to engage in thorough risk assessments and have robust governance processes in place to ensure that such initiatives are deployed securely.

Further, a heightened global focus on privacy regulation, including the General Data Protection Regulation (GDPR), calls for a high degree of vigilance from pharmaceutical organizations in ensuring they are judicious about the way they collect and store customer data generated by these new initiatives.

Phishing attacks on the rise

The fast-growing e-commerce landscape provides another area in which pharmaceutical companies must sharpen their focus. As consumers increasingly purchase medicine online, the volume of online pharmaceutical scams is spiking. Phishing scams can be especially problematic, prompting an official warning in 2018 from the US Drug Enforcement Administration (DEA) related to individuals posing as DEA agents attempting to obtain a variety of valuable data, such as physicians’ signatures and patient social security numbers.

While phishing might not seem like a new threat – by cyberthreat standards, it has been around a long time – phishing and email-borne attacks more than doubled from 2017 to 2018. Security company Proofpoint, which analyzed attacks against Fortune 500 companies, found that pharmaceutical companies were most targeted, incurring an average of 71 email fraud attacks in just one quarter’s time. This ramped-up volume of phishing attempts, ever-increasing in sophistication, underscores the need to refine phishing awareness and training programs.

Cloud provides additional attack vectors

Secure cloud deployment is another of the pharmaceutical industry’s greatest challenges. As Larry Ponemon, chairman and founder of the Ponemon Institute, recently said, “We see most data breaches in pharma during the move to the cloud: More than half of incidents happen during this move. The knowledge to do this migration well is critically important, and many of these organizations don’t have the people to do this correctly, and that’s definitely an issue.”

Pharmaceutical organizations need to establish a cloud governance model that aligns with their business goals, and then put the appropriate processes in place to ensure risks are being identified and mitigated on an ongoing basis. This includes revisiting vendor management policies, which can make or break the success of cloud deployments.

Effective use of technology has become a mission-critical enabler of enterprise success in virtually all industries, and that is certainly true in the cutting-edge pharmaceutical industry, where competition is fierce and the pressure is intense to quickly move new treatments to market. While business pressures in such a crowded and profitable marketplace are a reality, pharmaceutical companies must nonetheless resist the temptation to take shortcuts in safeguarding their intellectual property and related critical assets.

With so much hanging in the balance – most importantly, the patients who depend on their life-enhancing and, in some cases, life-saving products – the pharmaceutical industry must give cybersecurity the needed priority in attention and investment to stand up to the seriousness of the threats that it faces.

This article is published as part of the IDG Contributor Network.

Copyright © 2019 IDG Communications, Inc.
