By Sreeji Gopinathan, CIO, Lupin Limited.
Employees equipped with the ability to make the right decisions today, can help build a safer tomorrow for their firms
With the pandemic ushering in disruptive changes across the business landscape, a cure for virus has been in the limelight. As pharma firms worked on developing and producing drugs and vaccines to address COVID-19, their efforts also attracted the interest of global hackers.
There has been a significant uptick in the number of attacks on players involved in the fight against COVID-19 from hospitals, health departments, government agencies to vaccine makers and pharma companies.
Attackers have been attempting theft of intellectual property related to COVID-19 and provide a competitive advantage to their potential buyers for financial gains. Since India has emerged as a global leader in the world’s vaccine production efforts, Indian organizations have been in the cross hairs of the attackers hoping to extract medical research, clinical trials or vaccine production related data.
From priorities to vulnerabilitie
While confidentiality and availability are two important elements of cyber security, data integrity remains the most critical. Data Integrity is a fundamental for ensuring the quality and safety of drugs. It is also major global concern for health authorities and the pharma companies. With more employees working remotely, it is important for all pharma companies to ensure that their electronic records are trustworthy and reliable across the entire data lifecycle and even for long-term archival.
Cybersecurity strategies in the pharma industry were primarily driven by compliance requirements. Firms handle a huge amount of patient and healthcare data and as more information gets digitised, companies tend to become a target for cyber criminals who are on the lookout to exploit any weaknesses in the defences. Cyber-attacks have become more sophisticated, subtle and have even more devastating consequences.
While integrated networks leading to complexity, outdated legacy systems and insider threats are conventional areas of concern, with the adoption of cloud, IoT and remote working the surface area for digital attacks have expanded significantly.
How cyber-attacks can be prevented
More than ever before there exists the need to protect technical processes from human error and digital threats. As companies adapt to remote workforces, their cybersecurity teams need to address the new potential risks that come with it. In order to prevent cyber-attacks from taking place, companies need to ensure strict procedures and protocols are in place. An integrated security operation is the need of the hour. It includes data classification, access controls, proactive approach, continuous rigorous monitoring & alerts using analytics, command and control reactive approach, DR & BCP testing on a regular basis and so on. These procedures can be audited to assess the level of risk to IT systems, information and patient data safety in order to ensure data accuracy and consistency in the data lifecycle.
Employees are now the first line of defence for cyber-attacks
At any organisation, employees are the first line of defence for Cyber-attacks. Organizations can have the best technologies to fend off cyber criminals but one wrong click by an employee on a malicious email can make the entire network vulnerable to a cyber-attack. Hence, it is imperative for companies to sensitize their workforce on cyber security and equip them with the right knowledge and training.
CIOs and other IT leaders should prioritize regular training sessions and even mock tests to keep employees updated. A trained workforce would be able to dismiss threats such as phishing, social engineering, email impersonations etc. They can be expected to exercise adequate caution, raise red flags if required and also follow a response mechanism in case of a cyber-security incident. This would in-turn address most critical security threats, help identify vulnerabilities and protect data across the entire digital spectrum, whether in networked, multi-cloud or edge computing environments.
A safer tomorrow
A strong foundation needs to be built to ensure that pharma companies can mitigate, address and altogether be on constant vigil to deal with the risks posed in current scenario. Besides automation and other cybersecurity tools, an organization wide security-first mindset and a trained workforce are critical. Visibility to make the right decisions today, can help shape a brighter and safer tomorrow.
“This article was first published on June 17, 2021 in ETCIO”