Ca-ssis/istock via Getty Images

Cybersecurity Best Practices for the Pharma Sector Amid COVID-19

The COVID-19 pandemic has seen a spate of cyberattacks on the health and pharma sectors. Employing cybersecurity best practices will prove crucial to protecting these valuable systems.

A joint alert from the Department of Homeland Security Cybersecurity and Infrastructure Security Agency warned of an increase in password spraying campaigns tied to the coronavirus, specifically targeting pharmaceutical companies, research firms, and other healthcare entities involved in both the national and international COVID-19 response.

Advanced persistent threat (APT) hacking groups have continued to leverage the pandemic for financial gain, with several key response groups reporting being targeted and others facing successful attacks. Not even the World Health Organization has been spared from an increase in cyberattacks against its staff.

Given the successful attacks on COVID-related research firms, it’s imperative companies within the pharmaceutical industry understand both the current threat landscape and best practices for preventing and detecting abnormal activity.

For Joe McMann, the cyber strategy lead for Capgemini North America, the pharmaceutical sector’s challenges are not unique from a threat perspective from the overall healthcare sector. Rather, the potential risks and impacts are obviously heightened during the pandemic.

“Any threat which has the potential to disrupt operations, such as ransomware, is to be taken seriously right now and unfortunately, becoming all too common,” McMann said. “Pharmaceutical companies conducting COVID-related research or support need to be extra vigilant as all eyes are on their quick progress toward a treatment and cure.”

“The work they are doing is time-sensitive, so while a cyberattack could certainly result in critical data loss, it could also delay production toward a solution,” he added.

To start, pharmaceutical companies must establish a baseline for cybersecurity to prevent and detect potential attacks, measured against foundation operations and capabilities, he explained. Organizations will need to answer questions that include whether the company is appropriately structured to be able to manage and run security programs amid the current global pandemic.

Further, these companies will need to determine whether they’ve employed the correct defensive capabilities, as well as effectively applied the right balance of people, processes, and technologies, said McMann.

These measures will prove crucial as hackers continue to pepper the healthcare and pharmaceutical industries during the pandemic and improve the sophistication of their attack methods.

For example, FBI and researchers have repeatedly warned that threat actors are targeting providers with double extortion attempts. In this method, cybercriminals first gain access to a victim’s network and move laterally across the network. Stealing data in the process, these actors remain on networks for days and sometimes months before launching the ransomware payload.

“The challenge with this type of activity is that it needs to be identified and stopped before exfiltration has occurred and the final payload of ransomware has been deployed,” said McMann. “The most effective way is to prevent or disrupt the intrusion in the first place, and this is certainly possible and achievable based on everything we know about how these threats operate.”

“However, if that chance is missed and an attacker has gained access to the network, there are still multiple opportunities to employ detections and mitigations that will provide a warning or slow the adversary down long enough to organize a response,” he added.

To McMann, the key will be for organizations to evolve to an intelligence-based mindset, leveraging defense-in-depth principles that take advantage of detection and mitigation capabilities for the entire lifecycle of a cyberattack. Alternatively, these pharmaceutical companies can find a partner currently operating with this mindset.

While the stakes are much higher, McMann explained that the security measures and control for the pharma sector are similar to other industries. Best practices include performing an accurate assessment of the company’s current cyber posture, followed by testing and validating controls and capabilities to find and close gaps in their foundation.

The analysis will help an organization to implement a strategy that will transform operations in a resilient and adaptive manner to take advantage of those capabilities, he explained.

“Protecting critical data that could save lives means the margin for error has more significant consequences, and security teams need to be as synchronized as possible to ensure the measures put in place are working as intended,” McMann said. “There is no silver bullet here.”

“What we often see is that it takes a significant event for an organization to realize how important it is to be secure,” he added. “Perhaps it’s a breach of their own organization, or one of their competitors, that serves as the wake-up call to invest in these resources and ensure they’re implementing the preventative measures.”

Instead, pharma companies should shift to a proactive stance promoting solid cyber hygiene across the enterprise, especially amid the pandemic, McMann stressed. That includes educating all workforce members on “how cybersecurity enables the work toward a cure or treatment” and how failure to bolster cybersecurity could lead to “devastating consequences.”

In particular, these tools and conversations cold enable security leaders with the necessary monetary investments to defend their organization from a potentially disastrous security event.

And as pharma companies continue to rely heavily on technology to find solutions for the pandemic, McMann added that securing the tech should be part of the conversation from the beginning.

“If pharmaceutical companies and the technology they’re leveraging are cyber secure by design, the outcomes will enable the continued progress toward a life-changing result,” he said. “Cybersecurity is an ever-evolving journey.”

“There are always ebbs and flows, with potential risks and impacts coming and going along the way, but pharmaceutical organizations should remember that the key to cybersecurity success is preparation and coordination,” McMann concluded. “Taking the time before an emergency to build the right mix across people, process, and technology is always the best way.”

Next Steps

Dig Deeper on Pharmaceuticals