Last Updated on March 21, 2021 by The Health Master
How Pharmaceutical Industry can avoid Cyberattacks
Pharmaceutical companies, operating in a high-stakes field predicated on intellectual property, have always been attractive targets for cybercriminals. The current attention to C-19 vaccine development and distribution may put an even bigger bull’s-eye on the industry.
A serious vulnerability that companies need to address — like enterprises in every sector — is the compromise of identities and privileged access that can result from operating in constantly scaling hybrid and multicloud environments, a problem known as the cloud permissions gap.
It’s an attack surface that is only going to continue growing, leaving companies susceptible to attacks that, in pharma, could result in devastating, even deadly, consequences.
An example of the threat can be found in the recent third-party supply chain breach in which attackers inserted malicious code into updates of network management software that was installed by about 18,000 customers.
This allowed the cyber attackers to compromise the systems of tech giants such as Microsoft and a host of U.S. government agencies, along with hospitals, power companies, and educational and financial institutions.
At the core of the attack was the exploitation of users’ identities and permissions, a technique that is becoming increasingly common amid large-scale migrations to the cloud.
Attackers gain entrance by compromising a user’s identity, move laterally through the network looking for high-value targets — sometimes hiding for long stretches of time looking for an opportunity — and use privilege escalation to gain clearances beyond those of the compromised identity, such as administrative permissions or kernel access to an application or operating system.
All of those tactics were used in the third-party supply chain breach, which has resulted in about $90 million in insurance costs, as well as intellectual property losses. The exact extent of the damage to national security agencies has yet to be fully determined. Pharma, where proprietary information is the very lifeblood, faces the same kind of threat.
Pharma As A Cyberattack Target
The industry is no stranger to cyberattacks. Pharmaceutical and biotech companies suffer more breaches than those in any other industry, with 53% of them resulting from malicious activity, according to the 2020 Cost of a Data Breach Report (registration required) from IBM and the Ponemon Institute.
And the costs of those breaches are constantly growing. The study found that the average cost of a breach in the pharmaceutical industry was $5.06 million, behind only the healthcare, energy and financial industries. One company alone incurred $1.3 billion in losses following a 2017 breach.
Meanwhile, the growing reliance on the cloud, including hybrid, multivendor environments, has greatly expanded the attack surface and underscored the importance of managing identities and permissions. The IBM and Ponemon Institute report found that most breaches involving pharma happen during cloud migrations.
And those attacks often stay under the radar while attackers surreptitiously gather information. In pharma, it takes an average of 257 days to identify and contain a breach. Although identity and access management (IAM) has become a priority in cybersecurity, the job has grown beyond the scope of in-house security teams or the native tools offered by cloud providers.
Organizations need to take a comprehensive approach to hybrid and multicloud permissions management, representing the next level of identity management.
What Pharma Companies Can Do
Cloud operations, fed by DevOps software development and continuous integration and continuous delivery (CI/CD), have exponentially increased the number of identities in the enterprise, including nonhuman identities (ranging from devices and machines to APIs and service accounts).
Steps organizations can take to reduce their vulnerability to attack include enforcing least-privilege policies, which will limit the lateral movement an attacker can make once inside a network.
Organizations also can ensure that their developer environments are as secure as possible, requiring secure transfer methods and authentication practices within their teams.
Granting full access to identities can also result in costly, far-reaching damage. To prevent that, tight management of identities and permissions needs to become a priority for the pharma industry.
Companies can consider approaches that include automation, machine learning and advanced analytics to keep close track of the identities on their network while enforcing least privilege policies.
Granular visibility into the permissions and activities of all of an enterprise’s human and nonhuman identities allows security teams to quantify risk exposures, identify high-risk permissions and automate the rightsizing of permissions without manual intervention.
Companies also should continuously monitor high-risk permissions and sensitive resources to allow for quick remediation of configuration drift or any violations of policies.
Identity and permissions management is at the core of security in an increasingly complex multicloud environment, as recent supply chain breaches have demonstrated.
Companies in the pharma industry looking to avoid being a victim of such an attack need to get full control of their network identities to prevent the kind of compromises and privilege escalation that puts their most valuable data at risk.
By Raj Mallempati
The author is COO at CloudKnox Security