2 minute read
Recent ransomware attacks on pharmaceutical companies pose significant obstacles to COVID-19 treatment and vaccine development. They are not mere inconveniences, these attacks pose existential threats to the pharmaceutical industry's ability to conduct R&D and produce and deliver medicines. In other words, ransomware poses a risk to business growth. These attacks are growing in sophistication and frequency. In this vital time for pharmaceuticals, it's time to rethink ransomware defense on three levels:
- Point of Entry: It's not just email anymore
- Responsibility: It's not just the CISO's problem
- Board level planning: Get the board onboard
Let's take these in turn.
Point of entry: It's not just email anymore
The pharmaceutical industry shows no sign of slowing its investments in digital transformation technologies. In fact, the COVID-19 pandemic accelerated many plans to enable distributed work environment. Cloud and mobile applications became critical for ensuring business continuity. Multi-regional R&D teams use Slack to share and collaborate on research. Project teams use Microsoft Teams to communicate throughout the day and share files through Sharepoint. Field force teams may even be using WhatsApp or WeChat to maintain communication with HCPs in the absence of in-person meetings and events. But these channels also represent a dramatically expanded attack surface. In one of the first surveys of CISOs about COVID-related business changes, Arceo.ai found the top three security concerns were:
- Cloud usage vulnerabilities (49%)
- Vulnerabilities from personal devices (45%)
- Vulnerabilities from unvetted apps/platforms (41%)
Case in point: We have detected malicious PDF files sent to field force reps in WhatsApp messages, and links shared in Teams chats. With more companies relying on cloud-based infrastructure, it's mission critical to apply controls to these channels to the same degree that email has been protected. Securing one communication channel while leaving another ten exposed is a mistake. Social, mobile, and cloud channels must be secured as any other supplier risk.
Case Study: How a Global100 pharmaceutical enterprise
automates security and compliance for WhatsApp
Responsibility: It's not just the CISO's problem
The primary challenge facing security teams trying to protect this proliferation of channels is a lack of visibility. With the rapid shift to remote work environments, security teams may not even know which channels were adopted by what teams to ensure business continuity. They cannot protect what they don't know about. Protecting your company against ransomware is a whole-team effort, and requires visibility at the enterprise level, across all lines of business. Again, different teams have different tech stacks, all of which are critical to driving business growth. As such, these teams bear some responsibility in securing against supplier risk and jeopardizing company operations and revenue generation. Executive leaders must ensure stakeholders are communicating with one another and maintaining active inventories of their tech stacks. Does the CISO know if sales teams are using WhatsApp? If IT procures Teams, do they share risk responsibilities with infosec teams?
Board-level planning: Get the board onboard
The best protection against ransomware is proactive prevention. And to combat ransomware – which accounts for 27% of all malware incidents – executives cannot regard ransomware as an issue to be solved solely by the CISO or CIO. Combating ransomware needs to become a board-level concern. This way, an anti-ransomware stance can be built into the foundations of the enterprise tech stack.
When ransomware is made a board-level priority, it makes decision-making easier. Everyone is on the same page, everyone knows the plan, and their part in it. To combat ransomware, the following things need to happen.
- Data backups need to happen like clockwork, as often as possible. They need to be combined with backup and restore drills.
- Third party cloud channels – a rapidly growing source of ransomware attacks – need to be constantly monitored for threats with advanced digital risk protection software. Unlike email, which has a $3B security industry, cloud channels are weak, and cybercriminals know it.
- Endpoints need to be constantly watched for IOAs (Indicators of Attack). An endpoint detection and response (EDR) solution is critical.
Pharma executive leaders must marshal their organizations to effectively prevent ransomware attacks. These threats are not simply an IT issue. It’s a whole company issue.
We serve 7 of the top 10 pharma companies globally.
Find out how you can protect your company's growth against ransomware.
October 22, 2020