Sponsored Article
Sharing life sciences data is not the enemy of cybersecurity, it is key to its success
Author : Mark Yeeles, Schneider Electric
13 October 2022
Keeping sensitive data secure and protected can be a minefield. The pandemic highlighted shortcomings in a myriad of global industries and critical infrastructures, with the fragility of the pharmaceutical industry becoming a national cause for concern as it buckled under the pressure of a series of high-profile cyber attacks.
The threats extend to the manufacturing processes of today’s global pharmaceutical companies. As an industry highly reliant on effective utility operations and IT infrastructure, the threat of cyber attacks is greater than ever.
The life sciences industries are based on interconnectivity, data transfer and an open approach to collaboration and support, yet how can we protect and secure this critical infrastructure and research while enabling the data transference required?
Facing the deadly challenge of cyber attacks
Critical services, such as health and social services, are heavily reliant on digital infrastructure. This is also true for other life science companies, where rapid digitisation has exposed potential flaws in operational efficiency and digital security.
Increased demand has put pressure on often overstretched or un-optimised digital infrastructure, from pharmaceutical development and production to frontline health services. The result of an outage or attack anywhere along the supply chain can have long-lasting and severe consequences. For example, in 2017, as part of the broader NotPetya attacks against Ukraine, the pharmaceutical company Merck was targeted, resulting in a complete system outage for several weeks and over $1 billion worth of damage and lost sales. As the company was interconnected with hundreds of suppliers and customers, many other businesses experienced lasting fallout due to common systems being compromised.
In drug and pharmaceutical production, the impact of a targeted attack could be lethal, as seen in the extended period of supply inequality following the NotPetya attacks. Trust is a major concern and something often weaponised by bad agents.
In 2020, the European Medicines Agency was the target of a cyber attack. As a result, documents relating to the Pfizer/BioNTech Covid-19 vaccine were compromised and released in edited form to devalue vaccine trust. With breaches of this nature, systems that regulate and ensure compliance with international standards and safety processes could be exposed and patients' private information may be put at risk.
In addition, major outages could result in shortages or failures in critical medical supplies both in the UK and worldwide. According to the FDA, failures in product or facility quality are the leading cause of disruption to manufacturing – resulting in 66 percent of all drug shortages worldwide.
At the same time, flexibility is becoming increasingly important. From the transference of patient records and treatment plans to medical research, analysis, and operational data, we are seeing a steady shift towards a need for open and readily accessible data and data transfer networks. This widens the potential fallout of a successful cyber attack.
At face value, this necessity for increased collaboration appears to present a significant problem. By widening accessibility between companies and industry, more opportunities for cyber attacks will surely follow. However, by transforming the approach to data and not just the process, the life science sector can introduce more robust, resilient, and accessible systems.
Exposing weaknesses in critical infrastructure
Businesses have now embraced digitalisation, and the ease with which physical devices and software can be linked to personal data and customisable products is ever-increasing. The same can be said of the life sciences industry. Data continuity is, perhaps, the most important concept in pharmaceutical manufacturing, requiring secure infrastructure and equipment at every production stage. Covid-19 meant that big players in the pharmaceutical and medical field had to work together and delegate production and supply, opening the door to potentially devastating cyber attacks. If one part of the chain is exposed, the rest can follow.
A blind spot that hackers can use to gain access comes from an unexpected source. Sustainable power solutions, such as solar or battery systems, have inherent weaknesses that can be targeted in cyber attacks. Linking these and other automated services and systems to a company's supply chain or interconnected digital framework creates an ever-expanding web of potential avenues for exploitation and data breaches. Leaving the door open for cyber attacks in such a critical sector can be incredibly damaging to the long-term reputation of the service, company, or organisation.
A holistic approach to end-to-end security
With modern networks and infrastructure comprising enterprise IT, product lifecycle, manufacturing sites, infrastructure, and the broader ecosystem, a robust cybersecurity strategy must start with the identification of potential risks. It is important to consider the whole digital ecosystem instead of focusing on each of these areas individually, to build an interconnected security approach.
While keeping processes and data in silos and compartmentalising production avenues and business sectors can limit the potential impact of a cyber attack, this limits organisational effectiveness and collaboration essential to the sector’s success.
To combat this, a holistic approach to cybersecurity is required. Enabling fluid data transmission across systems, both internally and externally, while ensuring robust, resilient network security allows companies to use more secured sites, reinforce manufacturing processes and maintain operational efficiency. This gives high levels of protection against digital threats and bolsters confidence amongst partners and customers.
Effective cybersecurity goes beyond investment in software and infrastructure. The education and support of your employees are essential to success and employers must ensure their staff are trained on best practice.
By training staff in cybersecurity, you will minimise threats from areas directly controlled by employees, such as system controls, emails, and credential-controlled processes. This same methodology also applies to partners, collaborators, and suppliers.
In the digital age, creating and executing a strategy that allows you to see, reduce, and respond to cyber threats and risks is critical for achieving your financial objectives and building trust in the industry.
Data integrity is crucial, and when it is used to make reliable and trusted decisions across regulators, manufacturers, patients and staff, a holistic, end-to-end approach must include all forms of data, from the less critical to the highly sensitive.
A practical cybersecurity framework should enable you to identify risk, safeguard infrastructure and contain threats, detect incidents before they happen, swiftly respond with immediate action, and support fast recovery through precise planning. It is not enough to protect the perimeter, especially if you work with connected networks between organisations.
The future fight against digital warfare
A strong cybersecurity strategy is fundamental. Ongoing business practices that help you identify, mitigate, and reduce risks by applying standards and good practices to your people, processes, technology and research are vital. As the world continues to digitise and the life sciences face increased pressures to increase production and operational efficiency, risks must be identified and mitigated even before they appear.
As seen with sustainability strategies, companies must be forward-thinking and embrace modular, flexible, and well-defined approaches to safeguarding high-value assets and critical infrastructure. These systems must be capable of dealing with evolving threats, even if those threats do not yet exist.
Schneider Electric previously shared how there was a 50 percent increase in cyber attacks on the biotech and pharma industry between 2019 and 2020. In a world where digital warfare is increasingly common, such critical infrastructure must be capable of continuing to function in the face of increased threats.
Contact Details and Archive...