It is no secret that the pharmaceutical industry has access to some of the most critical, confidential data available – patient data, research and intellectual property, to name a few. Coupled with the industry’s strict privacy guidelines on safeguarding protected health information, the need for effective cybersecurity management goes without saying. Like other industries, pharma companies are undergoing a rapid digital transformation following the global pandemic. These organisations are a hotbed for valuable data and are becoming more prominent targets for cyber attacks as mind-blowing amounts of sensitive patient data and intellectual property are collected and managed online. Recent research from Deloitte even revealed that cyberthreats were rated as one of the top challenges that will have the greatest impact on companies in 2021.
As the industry navigates the many new challenges and obstacles posed in 2021, I have collated the three main cybersecurity concerns that have arisen as a result.
1. Dealing with third-party systems: shielded logins
With increased demand on the industry to produce results quicker, many pharma companies now rely on the services of third-party vendors, such as suppliers, treatment centers, insurance providers and manufacturers, to carry out daily operations and improve efficiencies. An expanded ecosystem opens up more areas and vulnerabilities for an attack. For example, if any third-party vendor within an ecosystem were to experience a data breach, the entire organisation would be affected operationally. It would likely take on some of the reputational and financial damage. In fact, a Gartner report revealed that more than half of legal and compliance leaders think a cybersecurity and data breach is the most-increased third-party risk their organisations face.
An efficient method to combat this major concern would be to implement a cloud-based shielded login to third-party systems. With such an authentication service, the user’s logins are transported via the browser as a client, while all other authentication processes are performed by backend systems, providing an extra layer of protection when coordinating third-party involvement. What’s more, dynamically generated, unique passwords and tokens are encouraged for the login. These are not stored by the service provider, so the login information to applications remains hidden from all other users.
2. Putting an end to employee error and negligence: the easy way
Even in a seemingly digitised world, employee error and negligence are still major drivers of data breaches across nearly all industries. According to a study by IBM, human error is the main cause of 95% of cyber security breaches. What is particularly interesting to note is that the C-suite and high-level personnel are not the only employees who should be wary of external cyber attacks within pharma. Lower-level management and staff are more likely to be targeted with common types of cybercrimes that leverage human behaviour to gain sensitive information, including baiting and pretexting.
Organisations can eliminate employee error and negligence by disconnecting the end-user environment from the corporate hosting environment. Combining cloud security software that grants access only to shared applications, not to the entire corporate network, with the ability for top-level managers to restrict access to data ensures that sensitive files can only be downloaded from the server to the end device with authorisation.
3. Fighting phishing attacks: a Zero Trust Architecture
The frequency and quality of phishing attacks, fraudulent attempts to access critical information by posing as a trusted source or entity, have increased dramatically during COVID-19.
Because the issue is so common, organisations are strongly encouraged to adopt a cloud-based solution that applies a Zero Trust Architecture (ZTA). Through this approach, no actor who wants access to resources or services in the network is trusted from the outset. This means every access, whether from outside or inside, is individually authenticated. Such a solution not only checks users each time they log in, but also continuously queries their trust status during sessions. As soon as a change is detected that poses a risk, the granted access to a service is interrupted. Rather than analysing the protection of individual network segments, a ZTA approach focuses on the protection of defined company resources.
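The following is an added sketch of the continuous trust check described above, not code from any vendor or product: every request is re-evaluated against a per-resource policy, and granted access is interrupted as soon as the trust score falls below that resource's threshold. The resource names, risk signals, penalties and thresholds are constructed assumptions.

```python
from dataclasses import dataclass, field

# Hypothetical per-resource policy: ZTA protects defined resources, not segments.
POLICY = {
    "clinical-trial-db": {"min_trust": 80, "roles": {"researcher"}},
    "hr-portal": {"min_trust": 50, "roles": {"researcher", "staff"}},
}

# Constructed risk signals and the trust points each one costs.
PENALTIES = {"new_ip": 20, "disk_unencrypted": 40, "edr_offline": 30, "mfa_stale": 25}


@dataclass
class Session:
    user: str
    role: str
    authenticated: bool = False
    revoked: set = field(default_factory=set)  # resources cut off mid-session


def trust_score(signals):
    """Start from 100 and subtract a penalty for every risk signal present."""
    return max(0, 100 - sum(PENALTIES.get(s, 0) for s in signals))


def authorize(session, resource, signals):
    """Decide one request. Nothing is trusted from the outset, so identity,
    role and current trust status are all checked on every call."""
    policy = POLICY.get(resource)
    if policy is None or not session.authenticated:
        return "deny"
    if session.role not in policy["roles"]:
        return "deny"
    if resource in session.revoked:
        return "deny"  # stays interrupted until the user re-authenticates
    if trust_score(signals) < policy["min_trust"]:
        session.revoked.add(resource)  # risk detected: interrupt granted access
        return "revoke"
    return "allow"


def reauthenticate(session):
    """A fresh login clears earlier revocations; signals are still re-checked."""
    session.authenticated = True
    session.revoked.clear()
```

Revocation is tracked per resource, so a drop in trust that cuts off the high-sensitivity database can still leave a lower-threshold application reachable.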
No doubt the pharma industry will continue to face cyber threats as the demand for its services increases. With sensitive data on the line, pharma companies cannot afford to take their foot off the cybersecurity gas pedal at this time. Implementing an end-to-end cloud-based security solution is a simple yet highly effective way to combat these cyber concerns in 2021. With a secure solution in place, pharma companies can leave the cybersecurity concerns for the cloud to fend off and concentrate their efforts on healing the rest of the world.
Dominik Birgelen is chief executive of oneclick AG