Cyber resilience: A high priority

The upheaval wreaked by the COVID-19 pandemic has ushered sweeping digital and technological transformations across businesses in its wake. But, it has also amplified the threat of data breaches and cyber-attacks.

Cybersecurity firm, McAfee recently reported a “605 per cent increase in coronavirus-related cyber disruptions globally.” Companies engaged in research, science, and technology were the key targets, as per the report. Between July and September 2020, companies witnessed a 19 per cent rise in such attacks

As Charlotte Dunlap, Principal Analyst at GlobalData, observes, “In a pandemic that is prompting accelerated digitisation, having integrated monitoring and observability cloud services are crucial to application lifecycle management for providing insight to app performance, efficiencies, and governance/security. Alongside the need to fast-track business transformations comes the risk of software bugs, security breaches, and performance bottlenecks.”

A mounting menace

The pharma sector, with a central role to play in the world’s response against the pandemic, has been forced to innovate in ways unprecedented. This, in, turn, has accelerated digitalisation and automation in the industry. But, it also increased its susceptibility to cyber-attacks. Pharma and life sciences have seen a spate of cyber-attacks since the onset of the COVID-19 pandemic.

A report from BlueVoyant, a US-based cybersecurity firm, revealed that in 2020, eight renowned firms involved in the development of a COVID-19 vaccine faced targeted malevolent attacks. It also found that nation-state espionage was growing aimed at stealing COVID-19 vaccine research data.

Several pharma and life sciences companies in India too have been targeted by cybercriminals over the years, with Lupin and Dr Reddy’s Laboratories being recent examples.

“India is currently ranked as the sixth most vulnerable country where pharma companies are open to attacks from cybercriminals. Indian pharma companies are witnessing major cyber threats as they deliver affordable medicines on a large scale during the COVID-19 pandemic. These attacks can be directly attributed to the fact that India is one of the countries developing vaccines for COVID-19,” explains Vishal Jain, Director of Inspira Enterprise, a managed security services provider

To understand India’s susceptibility to cyber-attacks, check out the box below.

An expanding threat landscape

Experts cite lack of effective cyber hygiene, virtualisation of businesses, increasing amount of data creation and storage, archaic infrastructures, remote working, compliance needs, state-sponsored attacks, growing network complexity, distributed networks etc. as chinks that add to pharma companies’ vulnerability to cyber-attacks.

Jain says, “In 2020, like many other industries, pharma companies are also undergoing a rapid digital transformation, with data being collected and managed online more than ever before. The enormous amount of data that resides with these companies is making them prominent targets of cyber-attacks. Even employee errors or negligence have been a weak link in compromising cyber hygiene.”

“Cyber threats that pharma companies are witnessing are due to multiple reasons like cloud migrations, the massive surge in remote work, distributed networks and acquisitions, an increasingly complex network, compliance requirements and so on,” states Pramod Sharda, CEO of IceWarp, India and Middle East, a company providing secured email communication and collaboration solutions.

“Two key factors are fuelling the rise of cyber-attacks and vulnerability of the pharma businesses, especially in the pandemic. Firstly, given the acceleration in virtualisation of businesses across the board, the attack surface has increased vastly, opening up more opportunities for cyber attackers to exploit. Secondly, now that the data is fragmented and confined to archaic infrastructures, the business vulnerability increases as a single data breach can setback the drug research processes to months or even years,” highlights Ramesh Mamgain, Country Manager, India & SAARC of Commvault, a data management and protection software company.

Catastrophic consequences

Data breaches, cyber-attacks on pharma and healthcare companies, who are privy to a lot of sensitive data, can wreak havoc that can have far-reaching consequences for not only the companies but the society at large.

An expert in technology law, GV Anand Bhushan, Partner, Shardul Amarchand Mangaldas & Co, says, “Typically when a pharma company bears the brunt of a cyber-attack, it can have a devastating impact on the company ranging from stolen IP, repeating clinical trials, contaminated drugs, physical damage and downtime, litigation, and lost revenue.”

He adds, “Data stolen from pharma companies is extremely valuable as hackers can sell personal patient in