Steps businesses can take now to better protect themselves and their data.
One of the unfortunate trends facing the pharmaceutical industry is that of cybersecurity. At this time, there is no government infrastructure in the United States that protects individual non-governmental organizations. As such, the pharmaceutical industry must be independent and spearhead its own cybersecurity efforts.
in an interview with pharmacy ExecutiveLt. Gen. (LTG) (Retired) Ed Cardon recommends that all businesses should think about cybersecurity like this: If you will be hacked, that when” Everything can be hacked. The question is how much time and resources hackers will devote to it.
General Cardon was the commander of the U.S. Army Cyber Command. Since retiring from the U.S. military, he has continued to work with both government and private cybersecurity agencies to strengthen network and data security.
According to General Cardon, the three major cybersecurity threats to the pharmaceutical and biotech industries are: 2) Ransomware. usually of a criminal nature. 3) insider threats, such as willful or unwitting insiders within an organization;
There are other threats such as ‘hacktivists’, but they are not the main ones at this time. A key characteristic of cyber attackers is that they are constantly evolving. The environment is dynamic, not static.
APTs are considered a serious threat because countries (or nation-states) have determined that hacking certain networks is important, such as stealing IP or data. Consider the organization’s cybersecurity as a system, including assessing information technology, suppliers/supply his chain (e.g., third-party connections to the company’s information technology network), the facility itself, and analyzing people and facilities, and He explains General Cardon. .
The problem is that no matter what organizations do to protect themselves, they are at a disadvantage. As General Cardon explains, APT can attempt to hack a network 10 million times. Conversely, an organization must always be 100% correct.
“This is why I believe corporations need help for the nation-state,” says General Cardon. “There is no way for corporations to protect themselves from the nation-state in the long run.”
Ransomware, on the other hand, is not motivated by IP, data or other information. Instead, the motive is money and to do it as fast as possible. If a target is too difficult to hack, criminals move on to the next target, he said, General Cardon.
One way to combat cyberthreats is what he calls the “Zero Trust Principle.” This starts with the premise that everything can and is supposed to be hacked. General Cardon breaks down the principles further.
- certification. This includes passwords, two-factor authentication, etc. to ensure that everyone is who they say they are before accessing the network.
- Segment your network. People should only be able to access what they need within the network (for example, not everyone should have access to clinical trial data or IP data).
- encryption. Even if a hacker breaks into your network, they won’t be able to retrieve your data without a supercomputer.
- monitoring. Sensor your network so your cybersecurity team can “see” it in a way that highlights anomalies.
Another idea is to build resilience, redundancy and regeneration of your highest value assets. First, make your network more resilient through proper “cyber hygiene”. One example is to quickly update and patch software as it becomes available. Second, if your process or data is very important, make sure you have redundant systems. General Cardon explains that “important data and information he should not put in one place, network, or server.” Finally, have a plan to regenerate the network when all else fails. This capability is accessible from most cloud technologies today.
It is impossible to protect everything anytime and anywhere. However, General Cardon recommends that companies consider the following strategies to more effectively limit potential threat opportunities.
- Go beyond firewalls and endpoint security.
- Use a threat-based “maturity model”. This is the premise that everything is hackable. Start by analyzing the systems, processes and/or data that are most valuable to hackers and orchestrate your cyber defenses accordingly.
- Implement a monitoring system to detect anomalies, including computer behavioral heuristics, for early detection of potential problems.
- Use “white hat hackers” (cybersecurity experts) for penetration testing to attack your organization’s network and identify vulnerabilities on a regular basis.
Meg Rivers Editor-in-Chief of Pharm Exec and can be reached at [email protected]