Pharma’s Remote Work Cybersecurity Challenge

The massive shift to remote work meant a shift from trusted computing to untrusted networks. With many employees no longer protected by company firewalls and security protocols in the same way, new risks were introduced, especially around cloud migration and endpoint proliferation. Both large and small pharmaceutical companies are being increasingly targeted by malicious actors who seek out weaker points across the business ecosystem. While the bad news is that the increased enablement of remote and distributed work has brought on new cybersecurity challenges, it isn’t insurmountable. With the right mix of technology and mindset, organizations can proactively prepare against threats in the future.

The security challenges of remote work

The pharmaceutical industry’s expanded attack surface, caused in part by the increased number of remote workers, becomes a playground for cyber criminals. One of their tactics involves distributing ransomware, which has proliferated in the past year. According to recent Fortinet research,1 by the end of 2020, there were as many as 17,200 devices reporting ransomware each day.

The pharmaceutical industry has suffered data breaches recently that resulted in hundreds of millions of dollars in lost proprietary information and pharmaceutical research. The increasing array of endpoints that come with remote working opens doors to potential security breaches, especially with movement towards cloud migration and device proliferation. Additionally, expanding partnerships, including R&D partners, represent a critical point of entry to malicious actors. Without a holistic, end-to-end security solution, it’s only a matter of time before your revenue and bottom line will be impacted.

For pharma organizations looking to implement advanced security measures, challenges abound. Perhaps the greatest challenge is the enablement of distributed remote working, globally and at speed, as it adds risk and makes huge demands on security systems. The need to integrate vulnerable legacy operational technology and the rising value of pharmaceutical intellectual property has identified the industry as a vulnerable and lucrative target.

An additional challenge is one of mindset: the inconsistent perceptions and attitudes of risk and how those two factors can influence leadership’s will to protect vulnerable legacy technology. An increasingly digital pharmaceutical value chain demands more comprehensive security to protect data as it moves within a complex network of remote workforces and partners using disparate network, cloud, application and mobile environments.

Making work safer, no matter where employees are

Pharma companies are focused on maintaining integrity across increasingly remote-based working environments. The key to integrity for remote workers is securing distributed work and secure endpoints. Protecting this increasingly virtual and collaborative ecosystem, regardless of device or network, through the visibility of data and control of credentials, is critical. Multi-Factor Authentication alongside actionable intelligence is a must for remote work security. Next-generation endpoint security provides real-time automated endpoint protection, detection and response, while platform and firewall capacity enable safe throughput and processing of publicly identifiable information.

A number of other features can help pharma companies secure their remote workforce, in addition to the standard of offering encryption of data in transit, via a VPN. Using Data Loss Prevention (DLP) is essential for teleworking executives with frequent access to important and sensitive customer and operational data. Additional advanced threat protection involves analyzing malware and other suspicious content within a sandboxed environment before it reaches its destination to help prevent breaches. It’s critical for pharmaceuticals to provide secure wireless connectivity and access at remote work locations with full integration and configuration management.

A comprehensive outlook

As the pharma industry had to quickly upgrade its remote work capabilities last year, so now it must upgrade its security strategy. Malicious actors are smart and have taken advantage of the increase in cloud migration and in remote workers, who have access to intellectual property often worth billions of dollars. Security is crucial when reputations and R&D are on the line, but solutions exist today that help to secure environments without disrupting the flow of work. These solutions work together to create a comprehensive security framework that works for both the companies and the populations they seek to serve.

Troy Ament is field CISO for healthcare at Fortinet.

Notes

1. https://www.fortinet.com/content/dam/maindam/PUBLIC/02_MARKETING/08_Report/Global-TLR-2021-2H.pdf