In June 2017, Merck & Co. became the target of a nasty ransomware attack, forcing the company to stop production, which hurt its profits. This incident highlighted the growing threat of sensitive company data falling into the wrong hands. With biotech companies embracing digitization and storing enormous amounts of data on the cloud, implementing heightened digital security practices has become imperative.
The National Counterintelligence and Security Center recently identified the biotechnology industry as highly susceptible to foreign hackers looking to steal US intellectual property and trade secrets. According to their report, “The United States remains a global center for research, development, and innovation across multiple high-technology sectors. Federal research institutions, universities, and corporations are regularly targeted by online actors seeking all manner of proprietary information and the overall long-term trend remains worrisome.”
What Is at Stake?
Among the main concerns for biotechnology firms is the protection of their intellectual property. This includes elements such as instrumentation designs used in manufacturing, custom chemical/reagent formulations meant to enhance efficiency, trade secrets, and custom software. These may or may not be patented, but are critical drivers of organizational operations.
Data related to these elements is typically stored in a combination of enterprise software such as ERP, PLM, and file shares, among others. While these systems can become susceptible to cyber attacks, using cloud storage doubles this risk.
The areas of concern for the biotech industry with respect to cybercrime can be classified into:
• Clinical Trial Data: This comprises confidential patient information that is gathered during clinical trials. It is highly sensitive at both the patient and commercial levels.
• Confidential Data: This refers to information about the manufacturing of biological drugs, the processes involved, and the corporate know-how.
• Commercial Data: This includes information about the drug’s pricing and promotion strategies.
Mitigating the Risk of Cyberattacks
In biotechnology companies, data is highly vulnerable to loss and/or compromise from internal as well as external sources. With widespread collection and use of data, and the increasing intensity of cyber attacks, biotechnology companies need to have an effective cyber-defense program in place to protect themselves against data leakage, theft, and espionage.
Alleviating Internal Threats
Corporate know-how, trade secrets, and source code should be safeguarded from unintended as well as intended disclosure by company employees. Biotech firms will do well to restrict access to information about vulnerable intellectual property to key employees only. Further, limiting data usage helps secure it. When limiting data access, however, consider allowing the key employees to come in contact with only the necessary portion of the protected information.
You may also want to consider getting your employees to sign non-disclosure agreements, staying alert to and monitoring the behavior of displeased employees, and implementing steps to track illegal and/or needless data access attempts.
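One way to act on the two points above (need-to-know access and tracking needless access attempts), as an added example that is not from the original article. The share paths, user names, log format, and threshold are assumptions, and the audit records are constructed.

```python
import re
from collections import Counter

# Hypothetical share layout, one prefix per data class named in the article.
CATEGORY_BY_PREFIX = {
    "/shares/clinical/": "clinical_trial",
    "/shares/manufacturing/": "confidential",
    "/shares/commercial/": "commercial",
}
# Hypothetical need-to-know register: the data classes each user's job requires.
NEED_TO_KNOW = {"asha": {"clinical_trial"}, "chen": {"commercial"}}

# Constructed audit records: timestamp, user, action, path, result.
SAMPLE_LOG = """\
2024-03-04T09:12:01Z asha READ /shares/clinical/study-a/visits.csv ALLOWED
2024-03-04T09:20:10Z chen READ /shares/manufacturing/formulations/reagent-x.docx ALLOWED
2024-03-04T09:21:02Z chen READ /shares/clinical/study-a/visits.csv DENIED
2024-03-04T09:21:09Z chen READ /shares/clinical/study-a/consent.pdf DENIED
2024-03-04T09:21:15Z chen READ /shares/clinical/study-b/visits.csv DENIED
2024-03-04T09:30:00Z dana READ /shares/commercial/pricing-2024.xlsx ALLOWED
not a log line
"""
LINE_RE = re.compile(r"^(\S+) (\S+) (READ|WRITE) (\S+) (ALLOWED|DENIED)$")

def classify(path):
    # Data class for a path, or None when it is outside the protected shares.
    return next((c for p, c in CATEGORY_BY_PREFIX.items() if path.startswith(p)), None)

def review(log_text, denied_threshold=3):
    findings, denied, unparsed = [], Counter(), 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            unparsed += 1  # count, never silently drop: parsing gaps hide activity
            continue
        ts, user, _action, path, result = m.groups()
        category = classify(path)
        if category is None:
            continue  # not one of the protected shares
        needed = NEED_TO_KNOW.get(user)
        if needed is None:  # touches protected data but has no documented need
            findings.append((ts, user, "unregistered_user", path))
        elif category not in needed and result == "ALLOWED":
            findings.append((ts, user, "excess_permission", path))  # ACL too broad
        elif category not in needed:
            denied[user, category] += 1  # blocked, but repeated tries merit review
            if denied[user, category] == denied_threshold:
                findings.append((ts, user, "repeated_denied", path))
    return findings, unparsed
```

An `excess_permission` finding points at an access control list to tighten, while `repeated_denied` and `unregistered_user` are leads for a human reviewer rather than verdicts.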
Another crucial factor to consider here is the disclosure of trade secrets and know-how by business partners. The best way to prevent this is by restricting the disclosure of sensitive information to them. Consider sourcing key components from multiple suppliers so that only specific chunks of sensitive information are revealed to any one party.
Last but not least, all disclosures must be assessed prudently and restricted judiciously in regions where laws related to the protection of sensitive company data are lax.
Protecting Data from External Threats
The main sources of external threats to data include online breaches and system hacks, where sensitive data can be easily compromised. Company owners need to ensure that their systems and internet connections are protected with solid security controls consisting of firewalls, security monitors, intrusion detection and prevention systems, and more.
Using encryption technology helps. For it to work, however, company owners need to determine exactly what needs to be encrypted. This can include anything, from sensitive emails to trade secrets.
Another decision is whether to use file-level or full-disk encryption. The former refers to encrypting specific files, while the latter means encrypting all data present on a computer system or server.
Storing confidential data on computer systems that are never connected to the internet can also work, provided access to this information is limited to a few trusted people. Company data stored on servers can also be secured by making those servers as locked-down as possible to prevent any kind of data breach.
There’s no denying that cyber attacks are on the rise, which means biotech companies need to be on guard at all times to protect their sensitive data. Biotechnology is an arena where data can either make or break companies. It is, therefore, critical to ensure it isn’t misused or manipulated to develop destructive bioweapons.
While implementing enterprise-wide, high-level cybersecurity measures is a job for the professionals, biotech firms, regardless of their size, should wake up to the dire need for such actions. Hopefully, the above few pointers will point you in the right direction.