Cyberattacks are a serious threat to pharma companies’ reputations and, most importantly, to patients’ well-being and safety. It is important to understand the current state of cybersecurity in Europe, as well as what we can do as we move forward.
The COVID-19 pandemic brought changes to pharma companies, shifting work dynamics. It also forced the industry to evolve and respond to the socio-political conjuncture. As a result, the industry became a repository of sensitive data and information, attractive to cybercriminals.
In 2021, organizations suffered around 900 cyberattacks per week on a global scale (Check Point). Data breaches became almost a ‘buzzword’, and in that year they saw an unprecedented increase.
Cybersecurity in Europe: An Overview
Cybersecurity and Cyberattacks – A definition
Cybersecurity is a practice carried out by companies to protect sensitive and confidential data from possible digital attacks. Some people also know it as information technology (IT) security. Its main purpose is to put into action measures and regulations designed to protect networked systems.
A cyberattack is an illegal activity carried out by cybercriminals with the intent to disable computers, steal sensitive data, or enter disabled systems to plant further attacks. Cybercriminals use different methods. Some of these are:
- Malware – an umbrella term that refers to any malicious software designed to compromise the security, availability, and integrity of a given system. There are different types of malware: trojans, ransomware, viruses, worms, and many more. Globally, there was a decreasing trend in malware attacks in 2021, according to ENISA (European Union Agency for Cybersecurity).
- Phishing – a type of attack that steals a user’s login credentials, credit card numbers, and other related data. It tricks the user into believing in the credibility of certain sources and entities in order to extract the intended information. Attacks on consumers in Europe increased by 718% in 2020.
- Man-in-the-middle attacks (MITM) – an attack where the criminal positions themselves in the middle of a user’s interaction with a piece of software or an application. The attacker impersonates one of the parties as a way to disrupt communication while disguising it as a normal exchange.
The current state – An overview
COVID has had a catalytic effect on the pharmaceutical industry and its growing digitization. Companies became more connected through online software and systems, which strengthens the imminent threat of cyberattacks and data breaches.
Pharmaceutical companies are vaults of sensitive and confidential data, as well as revenue, which has been attracting the attention of cybercriminals, especially now with the increasing vaccination programs from renowned brands. That is why between 2020 and 2021 there was a surge in data breaches in the industry.
In 2021 a Black Kite report concluded that 10% of global pharma manufacturers were at high risk of suffering a ransomware attack. A further 80% of pharma businesses are highly exposed to cyberattacks (Tech Times). Even though the world was and is moving closer toward a post-COVID era, the shift in workplace dynamics toward a hybrid system has proven to be vulnerable to outside threats.
On that account, cybersecurity has become a crucial concern and consideration for companies. The synergy between work from home and office has unveiled a myriad of challenges. Many of them ought to be taken into consideration as we advance into the future.
What impact does the “new normal” in pharma have on cyberattacks?
Yet vulnerabilities have also surfaced from the industry’s growing tendency to adopt a customer-centric approach. If pharma companies once held confidential information on their customers, they hold even more now. Having adopted an omnichannel, integrated communication strategy, they now engage with users regularly, which opens the door for attackers to exploit these networking dynamics and spread misleading information on products (PharmExec.).
Most companies tried to use existing media to accommodate the work-from-home dynamic. Yet, this is not enough as the industry progresses and so do cyberattacks.
Cybersecurity is important. Fifty-four per cent of participants in a survey conducted by GlobalData held that it should play a crucial role in helping pharma companies overcome the impact of COVID.
So, before thinking of what steps to take in the future, it is important to identify the most common types of cyberattacks in the pharmaceutical industry.
The most common types of cyberattacks & threats in Pharma
1 – Ransomware
Ransomware takes centre stage as one of the biggest threats to pharma companies. This is a method of cyberattack with the goal of extorting financial profit. In itself, it is a type of malware that attacks a user’s data, threatening to publish it unless a ransom is paid.
In this type of attack, a victim’s private information can be leaked or access to it can be blocked, endangering not only a patient’s health and safety but also a company’s brand reputation. In 2020 alone, Fortinet found that around 17,000 devices were reporting ransomware attacks each day (Fortinet).
IoT, also known as the internet of things, is a network of physical things embedded with software and other technologies that connect them with other devices and systems over the internet. It’s one of the pinpointed targets for cyberattacks in the pharmaceutical industry.
By the year 2019, 80% of healthcare organizations had experienced an IoT-focused cyberattack. Operational downtime is one of the most common impacts of these specific attacks. They compromise the end-user’s safety, in other words, the patient’s wellbeing.
3 – Data breaches
A data breach often occurs when there is a security violation in which confidential data and information are shared, viewed, stolen, or even used by an entity. A survey in the pharmaceutical sector has shown that 60% of businesses in the EU have suffered a loss of important data (EPR).
Outside cybercriminals tend to be the main perpetrators of this crime. Yet a good percentage of breaches result from human error. According to IBM, 95% of the data and security breaches that happen are due to human error.
There are two different types of employee error. The first is skill-based: professionals know the protocols and actions to follow, but momentary lapses happen, leading to minor mistakes. The other is decision-based: these are errors that come from decisions founded on a lack of knowledge or information about the actions taking place.
What to do in the future?
As shown above, pharmaceutical companies in the EU are preparing for a post-COVID world. So, it is important to acknowledge the long-lasting effects the pandemic has left on the industry and, in that way, to treat cybersecurity and its risks as a priority.
Omnichannel marketing strategies and customer-centric communication approaches are here to stay. Companies will further venture into digital engagement that integrates different channels. Thus, it is vital that they invest in protecting their networks. They must have a cybersecurity plan in action, one that covers all processes in drug making, from research to production and launch.
“The security architecture must extend protection from research, prototyping, and approval to manufacturing, distribution, and the patients being treated.” – Troy Ament CISO for healthcare at Fortinet (PharmExec.)
Another important step is to invest in the adoption of tools and practices for the digital protection of the software, systems, and networks your company uses. For that, you might consider:
- VPN – a tool that allows you to encrypt data in transit, helping workers to ensure the cloud is secure.
- DLP (Data Loss Prevention) – an especially important tool for teams that work with sensitive data, such as those in the pharmaceutical industry.
- Analyze malware regularly – understand where the threats might come from and identify them before they can become a data breach.
- Keep up to date with the latest happenings in cybersecurity, new technologies, and tools that might better fit your needs.
All in all, you must ensure your staff know how to use cybersecurity tools and, most importantly, how to conduct safe digital behaviour. Your company will benefit from your employees being aware of the protocols to follow. In turn, this avoids the damaging impact of cyberattacks.
Companies’ growing digitization and the impact of the COVID-19 pandemic have shed light on the challenges of navigating online systems. With them comes the threat of cyberattacks, which are damaging to pharma brands’ reputations and to patients’ safety and wellbeing.
In 2020, the healthcare and pharmaceutical industries became a pinpointed target for cybercriminals. So, to adapt to this environment, and continue to thrive on a digital path of communication, it is important that European companies are aware of the importance of cybersecurity.