An introduction to pharmaceutical industry cyber security
When it comes to innovation and growth, the pharmaceuticals industry is a leading global player. Yet although the sector has been a leading force in the development of new medicines and treatments, when it comes to digital transformation it has historically been a follower, rather than a leader.
That is now changing as life sciences organizations rush to embrace new tools to accelerate R&D, enhance decision-making, streamline complex business processes and improve collaboration both internally and with the wider partner ecosystem. From cloud-based analytics tools to IoT systems, AI-powered automation and more, pharmaceuticals players are discovering the value of the new data-driven world. It offers new opportunities to make better decisions faster, on everything from pricing and marketing to key R&D processes. Perhaps most radical of all, digital is helping to support patient-centric business models that can add value “beyond the pill”.
It’s nothing short of a digital revolution in pharma. But this rapid expansion of IT infrastructure brings with it new risks. Pharmaceutical IP is highly sought after by financially motivated and nation-state attackers, while employee and customer data is now regulated by the GDPR.
Pharma under fire
As more and more sensitive information is digitised and shared online between employees and supply chain partners, the risk of theft increases. Phishing remains a key threat to staff in the pharma sector, as in every vertical. According to one study over a quarter (28%) of employees would click on a phishing link, potentially allowing hackers to infiltrate the corporate network.
The other key data type at risk from online thieves is IP. It’s said to cost billions and take years to bring a single drug to market, meaning that demand is high for stolen IPs.
Why is it time for DNS-based security?
DNS is often overlooked within the IT infrastructure, although it plays a vital role converting domain names to IP addresses, so staff and external customers and partners can reach the right websites and apps. However, it was designed in a time well before the dark web and sophisticated, professional cyber crime. That means it contains some vulnerabilities which hackers are ready and waiting to exploit. It’s claimed that almost every attack uses DNS at some point in its lifecycle.
Thus, hackers could target DNS servers to redirect users secretly to phishing and malware sites. Or they could hide stolen data in DNS traffic and smuggle it right out of the organization, as many IT departments have their firewalls whitelist these packets. DNS traffic is also used by command-and-control (C2) servers to communicate with infected machines on the corporate network.
Yet because DNS traffic is so ubiquitous in the organization, and used so often by attackers, it offers a great opportunity to fight back. Nominet’s NTX analyzes DNS traffic to spot malicious behavior, right down to single packets in huge volumes of data. With this intelligence, IT teams can stop and block attacks early on in their lifecycle.
With so much at stake, pharmaceutical industry cyber security needs a fresh approach. DNS-based analytics offer visibility and control where they need it most.