Pharma is vulnerable. The sector, which bridges the healthcare–business divide and deals extensively with data and intellectual property (IP), is a tantalizing prospect for malicious actors. It is now one of the most targeted sectors, according to Deloitte, with over a fifth of companies suffering at least seven attacks.
Data related to medical innovation and patient information is highly valuable, and organizations that mishandle it will therefore lose stock and forfeit consumer trust. Covid-19 has compounded the situation, to such an extent that security agencies in the US, UK and Canada had to issue a warning against Russian-backed hackers last year.
But protecting laboratories and IP is no mean feat, especially during a pandemic when nation-state actors are more active than usual, and countries are vying to win the recovery race. (There is strong suspicion, for example, that North Korea launched a cyberattack on Pfizer in a bid to secure its jab data.)
Perhaps the greatest threat facing the industry, however, lies inside the walls. That’s because insider threats are as much a public health issue as they are an economic one; they hamper a pharma company’s ability to remain competitive, and thus pose a risk to potential patients. IP may become inaccessible, which could affect drug production and lead to medicine running short. This happened when NotPetya crippled Merck for several weeks in 2017, halting its production of the leading vaccine against human papillomavirus. Damage exceeded $1 billion and trust in the company dwindled – but the implications ran deeper than Merck’s bank account.
In 2016, incidentally a bad year for GlaxoSmithKline in terms of share price, research scientists stole trade secrets regarding cancer treatments from the company, their employer. Prosecutors claimed that the scientists planned to sell and market the trade secrets through a company they had set up in China, called Renopharma, proving that competitive advantage is enough to entice insider threats.
A similar risk is posed to pharma’s sister industry, healthcare. Kathy Hughes, CISO at Northwell Health (New York’s largest private employer), says insider threats are the biggest security challenge facing the sector today – and this is backed up by the Verizon Insider Threat Report, which showed nearly half of all healthcare organizations were affected by insider threats in 2019.
But what exactly is an insider threat? It is any security risk that begins within the targeted organization’s confines, whether it originates with a current employee, board member or even a consultant. There are several kinds of insider threat, all of which can fly under the radar. Employees may have malicious intentions or simply make a mistake, but both kinds are dangerous.
Introducing our new pharma crisis scenario
Because of pharma’s vulnerability to insider threats – from production facilities to supply chains and everything in between – we built the Insider Threat: Pharma Drama crisis scenario. The story begins when multinational company Llama Pharma discovers a rival pharmaceutical company has stolen IP regarding its groundbreaking antidepressant. A Llama representative who was seeking to get ahead had accessed restricted files, but in doing so also left a back door open for someone to siphon that data – which eventually fell into the hands of competitor VectraSolaris.
In this scenario participants must use their decision-making skills to find the insider threat, manage the growing crisis, and prevent the loss of potentially billions of dollars. As well as the chance to improve crisis management skills at a strategic level, there are also opportunities for technical teams to get involved, with purpose-built labs included throughout.
To learn more about the importance of uniting strategic and operational departments during crisis response, watch our on-demand webinar here.
Immersive Labs’ Cyber Crisis Simulator is an online solution that drops defenders and decision makers into real-time cyber crises. The system challenges teams to make critical decisions when dealing with emerging incidents such as ransomware outbreaks, insider threats, and spear-phishing attacks.