Combating Cyber Crime: Pharma Under Digital Attack



Pharma IQ
05/31/2011

Reliance on computer systems has been increasing in recent years, and with it the threat of cybercrime have been growing accordingly. 

According to figures produced in a report for the UK's Office of Cyber Security & Information Assurance (OCSIA), the cost to the country's economy from cyber crime is £27 billion each year. 

This does not include the expense of purchasing systems to protect from cyber crime, which are now simply considered to be part of the cost of doing business. 

Much like in other industries where intellectual property is currency, the pharmaceutical sector is one of the primary targets for these digital attacks. 

Cost for IP theft within the pharmaceutical, biotech and healthcare sectors in the UK was found to be worth £1.8 billion each year, simply due to the large volume of data generated. 

Only by taking steps to combat cybercrime and protect intellectual property can the pharmaceutical industry keep this cost under control. 

In its conclusions about the business effects on cybercrime, the report from the OCSIA stated it was essential these intellectual-property rich industries "look again at their defences to determine whether their information is indeed well protected".

"Encouraging companies in all sectors to make investments in improved cyber security, based on improved risk assessments, is likely to considerably reduce the economic impact of cyber crime on the UK," it went on to note. 

Understanding the scope of the problem

However, this can only be done comprehensively once the pharmaceutical industry knows the threats it is facing – and these are changing almost constantly. 

Industrial espionage, IP theft and services denial were named as three key cybercrimes within the report, and criminals are increasingly finding more sophisticated ways of instigating these. 

In its annual Threat Evolution report, Kaspersky Lab noted the growing number of targeted attacks against specific companies which were taking place. 

Stuxnet, which was described as the "technological peak in virus writing", was one of the most well-publicised and damaging attacks of 2010 and exploited five different vulnerabilities in systems. 

"It is possible that now, programs like Stuxnet will be more frequently included in the arsenal of some companies and secret services," the report noted. 

Industry experts believe it is also the medium-sized pharmaceutical and biotech companies which are less able to protect themselves from cyber crime, even though it is likely to have serious implications for their business. 

"Big oil companies, global financial firms and pharma all have a very mature approach to cybercrime ... My concern is the medium-tier companies, as it's harder for them to make a business case," Jay Heiser, research vice president at Gartner, told the Independent. 

Formulating a targeted response

The pharmaceutical industry cannot hope to beat – or at least contain – the threat of cyber crime alone, and nor does it need to. Other industries including software development and financial services are disproportionately affected by digital attacks, while government services also frequently find themselves targets.

Martin Sutherland, managing director of Detica, which launched the report in conjunction with the UK government, said: "The next step is to formulate a more targeted response to IP theft and industrial espionage in particular. 

"We must mobilise joint government and industry forces to build a coherent picture of the threat and create a consistent mechanism that will allow businesses to report cyber crime without the risk of reputational damage."

Yet such an approach may not be so realistic outside of the established markets in Europe and the United States, where the pharmaceutical industry is increasingly looking to reduce its costs and access a larger patient pool.

Kaspersky Lab's report noted the rapid pace that the internet was being adopted in developing countries in Asia and Africa made them particularly vulnerable. 

India, which is expected to contribute $5 billion (£3 billion) to $15 billion in annual pharmaceutical sales by 2013, is currently suffering from the growth in cybercrime, and experts believe the government expertise is not there to combat it. 

"Investigating agencies are still lagging behind in terms of technologies or techniques to actually tackle cyber crimes. Not even two percent of the officials know what is Voice over Internet Protocol (VoIP), its use or how to take precautions," Sunny Vaghela, director of TechDefence Pvt, told IANS.

As more R&D functions are moved to these emerging regions, companies must therefore be ever more vigilant to digital attacks.