Placeholder Banner

Protect Yourself from a Hack Attack

April 24, 2013
Gone are the days when biotech’s biggest activist threats came from lab break-ins and physical attacks. Today almost anyone wishing to damage companies can steal, disrupt or harm employees 24-hours a day and from anywhere in the world.

Hackers are anything BUT anonymous
Last year the notorious group Anonymous took credit for hacking Monsanto Co. due to the company’s alleged “crimes against humanity.” It was the third hack Anonymous aimed against the the company, and was accompanied by a threatening message: “We are aware that posting this outdated database will do little to harm you. Rest assured, we will continue to dox your employees and executives, continue to knock down your websites, continue to fry your mail servers, continue to be in your systems, and continue to expose [you].”

The first time Anonymous targeted Monsanto was in June 2011. Anonymous pledged to keep up its attacks: “Monsanto, these crimes will not go unpunished. Anonymous will not spare you nor anyone in support of your oppressive illegal business practices.” Anonymous then identified future targets: the Alliance for a Green Revolution in Africa (AGRA) and its founding members; Monsanto, Novartis AG, Sanofi-Aventis, GlaxoSmithKline plc, Procter & Gamble, Merck & Co. Inc., Mosaic Co., Pfizer Inc., Sumitomo Chemical Co. Ltd. and chemical company Yara. The post ended with the hackers’ signature and ominous closing line: “We are Anonymous./ We are legion./ We do not forgive./ We do not forget./ Expect us.”

Some “friend”
Just months prior to the Monsanto mess, a friend of a fired Shionogi, Inc. IT employee walked into a McDonald’s in Atlanta and ordered a $5 meal deal. Within minutes, according to FBI reports, he logged onto the free wifi and deleted the contents of 15 virtual hosts on Shionogi’s computer. Authorities estimated the losses at close to $1 million.

I’ll take that…
Bio-espionage is another big motivator for attacks against biopharma companies, according to the PwC report. Theft of intellectual property from U.S. companies alone exceeds $200 billion per year. But Kevin G. Coleman, strategic adviser with the Technolytics Institute, wrote that “incidents may be under-reported by a factor of 100 times.”

Despite the specific threats made against the biopharma industry, most companies remain woefully unprepared for cyber attacks.

You think you have a plan. Think again
PricewaterhouseCoopers did a study alongside CIO and CSO magazine and found that 47% of the pharma responders have a security strategy in place, yet only 10 percent actually employ a Chief Information Security Officer, have a security strategy that is reviewed annually, and understand the security threats of the past year.

Protect the process, protect the product
The lifeblood of the biotech industry is its data. From intellectual property to manufacturing procedures, shipping information, and patient clinical trial data, almost no other industry is at such a risk for security breaches.

An analysis of the PwC report and biopharma companies reveals that this industry has several unique security requirements:
• As a highly targeted sector, biopharmas need more comprehensive security than other industries
• The volatile nature ofthe biotech industry means that companies need scalability: the ability to increase IT resources rapidly during a product launch or expansion, or to quickly reduce IT expenditures due to downsizing
• With only 10 percent of pharma companies having a C-level security executive, they must rely on outside vendors for security needs
• Due to the vast amounts of data to be transmitted and stored securely, biopharma companies need a solution that provides security, fast processing and ease-of-use

One-click scalability
Like other industries, biotechs can experience rapid growth upon a financing or successful product launch. Rapid decline can necessitate a quick decrease in employees and facilities, and consequently, IT resources.

Cloud computing makes it easy to scale, infinitely, if needed, overnight. With the click of a button a cloud provider’s datacenter can be constantly upgrading its hardware with room to grow. Unlike
traditional server set-ups, cloud users don’t pay for server space they’re not using.

Securing your cloud
A secure, private cloud combines users’ purchasing power without combining their data. Companies can benefit from zero-day threat protection, military grade firewalls, back-ups to offsite locations, real-time attack monitoring, and custom applications designed by security experts. The best cloud datacenters also offer security features like 24-hour patrol by armed security guards, video monitoring, back-up generators, 24-hour technical staff, and secured facility access-meaning that data is safe even from physical attacks.

Is cloud computing right for you?
Any big change to an existing IT set-up requires in-depth deliberation. Biotech companies thinking of moving to the cloud should identify a few key areas before making the switch or looking for a cloud provider:

• Number,size and security needs of websites
• Amount of hosted data, including email and mobile data
• Security levels needed for data related to IP, clinical trials, patients, customers, partners and employees
• Adherence to government regulations or industry standards

Peter Lanier is the COO of Airlock, which offers simple and affordable secure cloud hosting.