Pharma Cybersecurity: How to Tackle Malware Threats

The global pharmaceutical market is expected to grow to almost $1.2 trillion by 2021 [1], thanks in part to rapid advances in digital automation and innovation. Unfortunately, the same strategies that drive growth also expose pharmaceutical manufacturers to new risks.

For example, acquisitions and outsourcing create complex, multi-party supply chains with inconsistent levels of IoT/OT security. Increases in R&D funding produce more valuable intellectual property (IP) to protect. And the convergence of IT and OT networks means that an attack in one area can easily spread to the other.

So, where do the biggest security gaps lie? In the expanding threat surface created by increased connectivity between pharmaceutical companies’ IT, IoT, OT and cyber-physical systems.

How Cyberattacks Impact the Pharmaceutical Industry

According to Proofpoint's Q3 2018 Threat Report, pharma was the industry most targeted by email fraud attacks. Why does this matter so much? Because an attack may begin with a phishing email that compromises the IT network, but it can then move to the OT network through systems reachable from both environments, such as dual-homed engineering workstations or historians. Left unchecked, malware can cause unpredictable and dangerous disruption to pharmaceutical production processes.

The High Cost of a Pharma OT Cybersecurity Incident

The NotPetya ransomware attack was extremely costly to pharmaceutical manufacturers.

Let’s look at some of the pharmaceutical industry threats of the last few years:

  • NotPetya: In 2017, NotPetya (destructive malware that posed as ransomware) spread quickly around the world, impacting more than 600 sites in 130 countries. Global costs are estimated at $1.2 billion [2], with one multinational pharmaceutical company taking a $300+ million per quarter hit.
  • Winnti: Two major pharmaceutical companies confirmed earlier this year that they were hit by Winnti, malware attributed to a Chinese state-sponsored group. Fortunately, both companies reported that no sensitive data was lost.
  • Unnamed intruder: A biopharma company disclosed that a May 2019 attack harvested data from around 1% of its clients. The financial impact is not yet known.

Attacks like these cause direct and indirect financial loss: stolen IP, disrupted production and supply chain shortages. In some cases they have also compromised clinical trial data and led to legal action over the theft of sensitive information. The list goes on.

Here’s what we currently know about the pharma industry’s cyber risk profile. The sector is:

  • Highly exposed due to an expanded threat surface and lack of built-in device security
  • Already on the radar of hackers and threat actors thanks to highly valuable IP data
  • Lagging behind other industries in applying cybersecurity best practices (traditionally taking an incident-response approach versus a proactive, enterprise-wide security approach)

Ensuring Pharmaceutical Security Against IT/IoT/OT Threats

Fortunately, there are ways to detect and defend against attacks proactively. An important part of neutralizing threats before they move from IT to OT, or vice versa, is early warning.

Advanced persistent threat malware goes through different phases during an attack. The Nozomi Networks solution combines behavior-based anomaly detection with signature- and rule-based detection to catch malware at each phase. It alerts operators to early-stage infection and reconnaissance activity, and provides the information needed to act before the final attack stage.

  • For early-stage attacks, anomaly detection identifies irregular activity, such as malware beaconing to an external command-and-control (C&C) server over connections to a public IP address the network has never contacted before. Signature- and rule-based detection complements this by identifying specific files, data and events in network traffic that indicate the malware's presence.
  • In the reconnaissance phase, malware learns the environment in preparation for an attack. Here, anomaly detection identifies new commands on the plant network and raises alerts that include the command source. Even when the malware communicates over the plant's normal industrial protocols, its messages deviate from the baseline of what each device usually sends and receives, so they can be singled out.
  • If an attack does occur, it is quickly identified and an alert is sent, so staff can add firewall rules or take other action to block further attack commands and limit harm.
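The three detections above all rest on one mechanism: a baseline of who talks to whom, and with which commands, learned while the network is known to be clean. The script below is an added illustration written for this page, not Nozomi Networks code, and shows that mechanism on constructed flow records: it learns a baseline, then flags a connection to a never-before-seen external address, a regular cadence of connections to that address (beaconing), and a Modbus write from a host that has only ever read. The hosts, address ranges, function codes and thresholds are all assumptions made for the example, and the CEF output is only a sketch of how such alerts are handed to a SIEM.

```python
"""Baseline-driven anomaly detection over OT network flow records.

Added example for this page, not Nozomi Networks code. It learns which hosts
talk to which, and which protocol commands each pair uses, then flags a new
external peer, beacon-like periodic connections to it, and a command a host
has never sent before. Flows, addresses and thresholds are constructed.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed: the plant's own address space. Anything outside it is "external".
PLANT_NETWORKS = [ip_network("10.0.0.0/8")]

# Flow record: (timestamp_seconds, src, dst, dst_port, command)
# 'command' is the Modbus function code on port 502 traffic, None otherwise.
HMI, EWS, PLC = "10.1.2.10", "10.1.2.50", "10.1.3.20"   # assumed hosts

BASELINE_FLOWS = [
    (0, HMI, PLC, 502, 3),               # HMI polls holding registers
    (5, HMI, PLC, 502, 16),              # HMI writes setpoints
    (10, EWS, PLC, 502, 3),              # engineering workstation only reads
    (15, HMI, "10.1.4.5", 1433, None),   # HMI logs to historian
]

LIVE_FLOWS = [
    (100, HMI, PLC, 502, 3),                   # normal
    (100, EWS, "203.0.113.7", 443, None),      # new external peer
    (161, EWS, "203.0.113.7", 443, None),
    (219, EWS, "203.0.113.7", 443, None),
    (280, EWS, "203.0.113.7", 443, None),      # ~60 s cadence: beacon
    (300, EWS, PLC, 502, 16),                  # EWS has never written before
    (305, HMI, PLC, 502, 16),                  # normal write
]


def is_external(ip):
    addr = ip_address(ip)
    return not any(addr in net for net in PLANT_NETWORKS)


class OTBaseline:
    """What the network looked like during the learning period."""

    def __init__(self):
        self.conversations = set()          # (src, dst, dst_port)
        self.commands = defaultdict(set)    # (src, dst) -> function codes seen

    def learn(self, flows):
        for _ts, src, dst, port, cmd in flows:
            self.conversations.add((src, dst, port))
            if cmd is not None:
                self.commands[(src, dst)].add(cmd)
        return self


def detect(baseline, flows, beacon_min=3, beacon_jitter=0.2):
    """Return alerts for flows that deviate from the learned baseline.

    beacon_min: minimum connections before cadence is judged.
    beacon_jitter: max deviation of any interval from the mean, as a fraction.
    """
    alerts, reported = [], set()
    external_times = defaultdict(list)

    for ts, src, dst, port, cmd in flows:
        conv = (src, dst, port)
        if conv not in baseline.conversations:
            if conv not in reported:            # one alert per new conversation
                reported.add(conv)
                kind = "new_external_connection" if is_external(dst) else "new_internal_connection"
                alerts.append({"type": kind, "src": src, "dst": dst, "port": port, "ts": ts})
            if is_external(dst):
                external_times[conv].append(ts)
        if cmd is not None and cmd not in baseline.commands[(src, dst)]:
            alerts.append({"type": "new_command", "src": src, "dst": dst,
                           "port": port, "command": cmd, "ts": ts})

    # Beaconing: near-constant intervals to an external address the plant never used.
    for (src, dst, port), stamps in external_times.items():
        stamps.sort()
        if len(stamps) < beacon_min:
            continue
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        mean = sum(gaps) / len(gaps)
        if mean > 0 and max(abs(g - mean) for g in gaps) <= beacon_jitter * mean:
            alerts.append({"type": "beacon", "src": src, "dst": dst, "port": port,
                           "interval_s": round(mean, 1), "count": len(stamps)})
    return alerts


def to_cef(alert, vendor="ExamplePlant", product="OTDetector"):
    """Serialise an alert as a CEF-style line, a format many SIEMs accept over syslog."""
    severity = {"beacon": 9, "new_command": 8, "new_external_connection": 7}.get(alert["type"], 4)
    ext = " ".join(f"{k}={v}" for k, v in alert.items() if k != "type")
    return f"CEF:0|{vendor}|{product}|1.0|{alert['type']}|{alert['type']}|{severity}|{ext}"


if __name__ == "__main__":
    base = OTBaseline().learn(BASELINE_FLOWS)
    for a in detect(base, LIVE_FLOWS):
        print(to_cef(a))
```

Two caveats a practitioner would apply before trusting this in a plant. The baseline is only as clean as the learning window: if an implant was already beaconing while the baseline was learned, its traffic becomes "normal". And every legitimate change (a newly commissioned HMI, a vendor laptop doing a firmware update) will also trip the new-connection and new-command rules, so alerts need to be reviewed against change records rather than blocked automatically.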

Finally, because the Nozomi Networks solution is fully integrated with IT tools such as SIEMs and ticketing systems, OT threats can be handled using the tools and workflows already familiar to IT and OT staff.

Malware is just one of several operational visibility and security use cases that the Nozomi Networks solution can tackle. To learn more about how it helps pharmaceutical companies gain visibility into their complex supply chains, assess risk in the manufacturing environment and defend valuable corporate IT from cyber espionage, download the full industry brief available below.

Shown here is an example of how the Nozomi Networks solution can be deployed at a pharmaceutical manufacturing plant.

Pharma Cybersecurity: Addressing the Expanding Threat Surface

Pharmaceutical companies are rapidly adopting tools and technology to gain operational efficiencies. However, automation and outsourcing also increase risk and expand the threat surface, making it harder to address operational disruptions quickly and to deflect cyber threats.

The answer lies in OT/IoT visibility and threat detection. Without it, it is difficult to know what is happening on the network, and one small change or networking issue can impact product quality, production uptime, plant safety and revenue.

To find out more about addressing pharma cybersecurity and visibility challenges, don’t miss the industry brief available below.