Posted on May 10, 2021
Backups & DR
The COVID-19 pandemic has been a test on the limits of just about every industry. Almost immediately, Big Pharma giants began working to combat the pandemic, along with relevant experts in dozens of other related fields. Huge sums of money have been poured into finding a way to combat the outbreak.
The primary goal has been a vaccine, a shot or group of shots that can render people immune to the virus. The scale and import of these vaccine development projects has been immense.
Unfortunately, online crime tends to follow the money. For reasons both political and financial, Big Pharma has seen a massive uptick in cyberattacks this year. Even worse, many people, hackers included, have had nothing but time to dedicate to indoor projects, hacking included.
One such area that has been a major target of cyberattacks has been India. For example, just two weeks after pharmaceutical firm Lupin was approved to conduct a clinical trial of Russia’s Sputnik-V vaccine, they were targeted by a ransomware attack.
India has been a hotspot for attacks, at least in part because it has done well in the medical research race to combat the pandemic. The hijacking and disruption of research offer hackers both financial and political incentives.
Financially, the ability to secure data critical to vaccine research holds a great deal of value. The data can be held hostage, and thus ransomed back to a given company, or sold to foreign bidders. While few nations would acknowledge it, the incentive to win the race to a vaccine is immense and many would be willing to pay for illegally obtained data that gives them an edge.
In a similar vein, hackers can be politically motivated too. Some may attack a nation’s pharmaceutical industry in an attempt to disrupt a company or nation’s operations for any of a number of philosophical reasons. Other hackers may, as touched on above, just want their country to “win” the vaccine race.
Another attack was made in March against pharmaceutical giant ExecuPharm, which operates out of the United States. This was again a ransomware attack, although more specific details seem to be known about this attack than those made against Lupin.
A hacker group called CLOP organized this particular attack. According to the organization, it is their belief pharmaceutical companies have been profiting on the pandemic unethically.
Whether this is true or not, CLOP has avoided attacking organizations often seen as “vulnerable” such as orphanages and major healthcare service providers. Big Pharma seems to receive no such sympathy from CLOP and many other bad actors.
Combating online crime is complex. First, it must be acknowledged that many countries are directly funding hacking groups. It is known for a fact that China, Russia, and North Korea have funded several such organizations.
In this age of the internet, cyberattacks are a logical extension of the military and spy operations nations have had ongoing for decades. This is all in addition to the many civilian hackers unassociated with their home nations, generally committing cybercrime for profit or other direct gains.
The list of cyberattacks in 2020 committed either directly or with few steps of removal by foreign governments is long. Regarding attacks on healthcare and pharmaceutical companies, both China and Iran seem notably active.
One thing to understand is that a nation able to develop and produce a vaccine stands to gain a great deal in multiple ways. For one, other nations will rely on them to provide such vaccines, a position hostile powers do not want to be in.
Additionally, a vaccine could help jumpstart a region’s stalling economy. There is almost no nation in the world that has not seen serious economic harm due to the pandemic.
The potential to stall a hostile nation’s progress or jumpstart your own nation has a great deal of allure. At present, many nations also see few consequences for these actions, even once caught. While this may change, as president-elect Joe Biden has indicated he would like it to, that remains to be seen.
2020 has seen a rise in cyberattacks against certain parts of the pharmaceutical industry rise by as much as 600 percent or more. The pandemic and associated vaccine research have contributed to this rise in more ways than one.
Cybercrime is not hindered by the pandemic the way other sources of income can be. In fact, thanks to the money flowing through various medical and pharmaceutical firms, it may be more profitable than ever. On top of that, delays can be catastrophic to vaccine research, meaning many firms that ordinarily would not pay ransoms for data may decide to do so.
What is unfortunate is both the healthcare and pharmaceutical industries are infamous for lax cybersecurity. Combined with the points above, this makes these industries prime targets for hackers.
Cyberattacks can be expensive, with some putting the average cost of a successful attack as high as 1 million dollars. However, pharmaceutical companies involved in the race to a vaccine may find it difficult to even calculate the cost of an attack.
Due to the nature of competition, firms that are able to make progress in vaccine and other medical research can produce and sell products faster. In some cases, they may even lock down certain copyrights.
If a cyberattack delays part of this process, a firm may “lose” one of these R&D races. If a rival firm can produce a competitive product faster, that firm’s research may be partially or totally wasted.
This makes calculating the risk of a cyberattack difficult without knowledge of a rival firm’s actions or just assessing only in hindsight. We at NETDepot recommend overestimating the cost of an attack when estimating risk since the penalty of doing so is far less than predicting your losses as less than they end up being.
Once a firm acknowledges the significance of online threats in 2020, what can they do going into 2021? The answer is Security as a Service or SaaS.
SaaS is a service we at NETDepot offer to companies looking to boost their cybersecurity. The fact is that many companies are ill-equipped to secure themselves. Luckily, you can hire us to do the hard parts of cybersecurity for you.
The expertise and technology required to stay safe online are significant; many firms have trouble even knowing where to begin. A service like ours allows for you to hire experts who know what their doing and can monitor your systems, all while you allowing to focus on what your company is already good at.
We also offer Data Recovery as a Service or DRaaS. This service can’t protect against all attacks but it can protect against data loss, both intentional and accidental. Even fire and flooding won’t be able to lose the data we’ve secured.
In short, we can hold important data for you so it is never lost via this service. If it is ever deleted or otherwise blocked off, we can send you a copy of the data! The service is also highly customizable so it can best fit your needs.
In addition to hiring services like those offered by NETDepot, there are some easy changes a firm can make to improve its own security.
First, a firm should be keeping work computers safe from unmonitored downloads. This is one of the biggest ways hackers get into a system; they trick employees into downloading programs and then running them.
Computers should only be able to download programs needed for the work of those who will use the device. Admin controls keep computers safe. Most employees should need IT to download new programs.
As another tip, keep your employees informed about cybersecurity. They should be taught never to share private information such as names, usernames, and passwords unless they have verified who they are talking to. In fact, sometimes sharing this sort of information may even be illegal.
Whatever the size of your firm, NETDepot can help keep you secure. Online crime is an issue that is only growing and Big Pharma needs to be ready. Unfortunately, it isn’t only big pharmaceutical firms seeing problems.
Firms of all sizes in all industries have to face the fact that the threat of cyberattacks is real. If you’re unprepared, you become a prime target for hackers. If an attack is successful, it can represent hundreds of lost hours, thousands or even millions in damages, and even lawsuits and the loss of customer goodwill.
If you’re interested in cybersecurity and would like to learn more, we hope you’ll contact us at NETDepot. We’re security experts who have helped clients of all sorts and we’d love to help you too!