When it comes to cybersecurity in pharma, having an online presence means vulnerability to cyber-attacks.
As cybercrime becomes more sophisticated, pharma companies are plagued by cyberattacks that can be both advanced and persistent.
For pharma companies, any cyber-attack has the potential to both wreck both operations and damage a company’s reputation. For pharmaceutical companies, the implications are particularly dangerous.
Leading pharmaceutical companies manage an array of assets. These generally include infrastructure, applications, managed and unmanaged endpoints, mobile devices, and cloud services, all of which can be attacked.
Global security revenues are headed for strong growth in the first half of the 2020s, reaching $198bn by 2025. The strongest growth will be in software, which will record a CAGR of 13% between 2020 and 2025, rising from $52.1bn in 2020 to $96.5bn in 2025.
Over the same period, hardware revenues will increase from $26.5bn to $40.7bn, a CAGR of 10%. Services will record the smallest CAGR, 5%, rising from $47.9bn in 2020 to $60.7bn in 2025.
GlobalData’s Pharmaceutical Technology cybersecurity dashboards track data and information on cybersecurity in pharma.
Trends: Cybersecurity in Pharma – Impact of Covid-19
Work from home mandates force cybersecurity initiatives to move quickly.
The rush to remote working in many places around the world in mid-March 2020 meant that many corporate IT security teams did not have enough time to put security defences in place to protect cyber-naïve home workers.
The proportion of attacks targeting home workers increased from 12% of malicious email traffic before the UK’s lockdown began in March to more than 60% six weeks later, according to cybersecurity company Darktrace.
Soon after lockdown, law enforcement agencies warned of a large increase in pandemic-related fraud, using tactics designed to piggyback on Covid-19-related issues.
Examples included phishing emails relating to sales of fake coronavirus test kits and personal protective equipment (PPE).
Targeted cybercrime in pharma and healthcare
During the pandemic, sophisticated hackers also targeted hospitals with ransomware and used a popular university dashboard showing Covid-19 cases as a vehicle to deliver Android spyware.
While some companies have had a remote working structure in place for several years, many preferred their staff to work from offices.
Suddenly, the entire organisation had to be allowed to work remotely, so the breadth and depth of remote working – and the risk – dramatically increased.
There will be financial fallout from Covid-19, which may mean that companies reduce their security costs.
Firms already looking for cost reductions across functions will ask themselves if they have the right model for security and whether they should look at cybersecurity differently as part of any post-Covid-19 corporate transformation.
Cybersecurity-Driven Innovation in the Pharma Sector
To best track the emergence and use of cybersecurity in pharma, Pharmaceutical Technology tracks patent filings and grants, as well as companies that hold most patents in the field of cybersecurity.
Number of patents in Cybersecurity in the Pharma Sector: Past 20 years
The Cybersecurity patents tracker in the pharma sector monitors the patents filings and grants over the past two decades.
Cybersecurity in pharma: Vulnerability management
Vulnerability management is the process of identifying, evaluating, treating, and reporting on security vulnerabilities, both in systems and the software that runs on those systems.
Organisations typically have a vulnerability management process, which allows them to understand what vulnerabilities are present within their IT estate.
The UK National Cyber Security Centre believes that executive staff should ideally be as aware of the major vulnerabilities in their IT estate as they are of their financial status.
Having a vulnerability management framework in place that regularly checks for new weaknesses is crucial for preventing cybersecurity breaches.
Without a vulnerability testing and patch management system, old security gaps may be left on the network for extended periods. This gives attackers more of an opportunity to exploit vulnerabilities and carry out their attacks.
Leaders in vulnerability management include Tenable, Qualys, Rapid7, Kenna Security, NopSec, and RiskIQ.
Pandemic response by cybersecurity pharma companies
Companies explore new avenues to establish solid cybersecurity in response to heightened risk during the Covid-19 pandemic.
Companies in the healthcare field, from medical device manufacturers to healthcare service providers and more, are like any other company in their increased vulnerability to cyberattacks during the pandemic.
Companies have been forced to establish what their strategic operational initiatives will be to address the effects of Covid-19 and the role cybersecurity plays. Some of the initiatives that organisations have deployed include:
- Realignment and prioritisation of IT programmes, with a particular focus on more tactical short-term solutions
- Provision of adequate security measures for remote workers
- Assurance of credible measures as greater pressure is placed on accessing data outside the enterprise network