Given the intensity of the COVID-19 vaccine race, it was no wonder that organizations involved in the research for it were among the biggest targets for cyberattacks.
Around 20% of the 777 cyberattacks dealt with by the UK’s National Cyber Security Centre (NCSC) between Sept. 2020 and Sept. 2021 were linked to the health sector and vaccines. One attempted ransomware attack targeted vaccine researchers at the University of Oxford, which the NCSC says would have caused ‘significant disruption to the UK’s pandemic response’ if it had been successful.
Intellectual property is a highly-prized asset, so the threat of a data breach looms large for pharma companies — whether from cybercriminals seeking financial reward or in the case of COVID-19, unscrupulous governments developing their own vaccine programs. Weaknesses due to poor IT systems and staff training will only have been exacerbated by the move to remote working.
Connected manufacturing environments have vastly improved operational efficiency in recent years, enabling companies to optimize production scheduling to increase capacity and maximize yield, while maintaining a validated process. However, greater connectivity can also increase cyber risks if not managed properly.
With the threat of cyberattacks ever-present, pharma companies should focus on both digitization and a comprehensive cybersecurity strategy to avoid damaging loss of data.
Technology: The first pillar
One issue for many global firms is that their IT infrastructure has become a patchwork of disparate systems over the years. Any IT team, whether in-house or outsourced, would struggle to manage thousands of solutions, including unsupported legacy software.
Demand for cloud-based software in pharmaceuticals has grown significantly over the past 18 months. Flexibility and scalability have been two of the biggest drivers for manufacturers, who want to facilitate remote working or collaboration between different sites via a web-based single sign-on. But, unsurprisingly in the current climate, another key factor is security.
While on-premise servers might once have seemed the safest bet for gatekeepers of proprietary data, such as drug recipes and clinical trial results, that’s no longer always true. Servers have to be maintained and updated, which often comes at a higher cost compared to cloud solutions, and in-house systems don’t tend to have the same level of security, continuous backup and rapid recovery of data capabilities.
Don’t forget people and processes
Of course, technology is only one element of cybersecurity strategies. Recently, I spoke to Jim Wheeler, a director at UK-based risk consultancy Control Risks, who pointed to two other pillars to invest in along with technology: people and processes.
Regular training for employees will empower them to follow best practices, be vigilant against phishing emails and ensure that passwords are strong. IT teams can add another layer of security by managing applications in the cloud and allowing SaaS providers to do more of the heavy lifting. Just as important is devising and communicating a response strategy and a clear chain of command in the event of an attack.
Jim went on to say that, along with IP, pharma firms are as susceptible as any other organization to data losses. If sensitive employee and customer information, financials and business strategies fell into the wrong hands, a company’s reputation would be tarnished, which could lead to the loss of sales and investment. On top of that, there’s the prospect of legal action and fines.
We know it’s not a case of ‘if’ but ‘when’ another pharma company will be targeted by cyberattackers. There’s no way to retrieve data published on the dark web, and since paying a ransom to attackers is not recommended, the best defense is prevention.
The good news is that this is eminently achievable for any organization, and the risk of cyberattacks certainly shouldn’t be a barrier to innovation in lifesaving drug development.
Any investment in digitization should be underpinned by a strong security strategy that encourages employees to mitigate the risks at an individual, departmental and company-wide level. With this in place, pharma companies can leverage emerging technologies like AI, IIoT and advanced analytics to increase their capabilities without compromising data.
As one of the original team members for Access Orchestrate, Rod Schregardus, has significant experience in helping companies with their day-to-day scheduling, capacity planning and what-if analysis.