BACK TO CONTENTS
but now it can no longer be denied. Companies now need to work on the assumption that a focussed and determined attacker will get in. Therefore, the emphasis should switch to understanding normal activity and monitoring for anything anomalous. Once detected, threats or incursions then need to be quickly addressed before it is able to have a material impact.
It is clear that cybercrime is proliferating at a dramatic rate. In their 2013 report on the economic impact of cybercrime, McAfee and The Centre for Strategic and International Studies estimated the global cost to be in the region of $300bn - whereas just a year later, in their 2014 report, that estimated cost had grown to more than $400bn1&2
FOCUS 5
through intellectual property theft, industrial espionage and extortion; customer and client lawsuits; loss of productivity – there are other signifi cant impacts too. With the type of data that is handled by the industry, and the products that they produce, the social and human impact of security breaches in the pharmaceutical industry could be considerable and company executives can expect to be held personally accountable. One of the biggest costs is probably the hardest to quantify of all - the damage caused to the brand itself, and the uphill battle to regain public trust.
A VARIETY OF THREATS . Meanwhile, the
2014 Verizon Data Breach Investigations Report observed that there had been “more incidents, more sources, and more variation than ever before.” Whilst Verizon did not break out pharma specifi cally, they recorded nearly 300 security incidents in the manufacturing and healthcare sectors combined – one of the highest counts amongst nearly 20 sectors3
. According to
IT security ratings specialist Bitsight, the healthcare and pharmaceutical sector suffered a higher increase in cyber-attacks in the period 2013-2014 than any of the other industries it tracked4
.
1 2 3 4
mcafee.com/uk/resources/reports/rp-economic-impact-cybercrime.pdf mcafee.com/uk/resources/reports/rp-economic-impact-cybercrime2.pdf verizonenterprise.com/DBIR/2014/
zdnet.com/healthcare-cybersecurity-worse-than-retail-bitsight-7000029964/ © 2014 KPMG LLP, a UK limited liability partnership, and a member fi rm of the KPMG network of independent member fi rms affi liated with KPMG International Cooperative, a Swiss entity. All rights reserved.
The true cost and extent of cybercrime is likely inherently diffi cult to accurately estimate. It can be assumed that many attacks go undetected, many incidents go unreported and the long term impacts may be hard to predict; the true long term economic impact may be even higher. Moreover, as high as the fi nancial costs are -
Hackers can penetrate systems for a variety of ends. An extreme scenario could see a third party entering a manufacturing facility and altering the quantities of ingredients in production, thus invalidating entire batches. The victims could either be forced to offer a ransom to halt the activity, or alternatively pay specialists to fi x the problem and seal up the leak. In other scenarios, trials worth tens of millions of pounds could have to be halted due to cyber intruders tampering with the data.
State sponsored espionage is another major threat, with unscrupulous competitors eager to steal product designs, manufacturing know-how or access R&D data on new compounds, in order to rush similar products through clinical trials and onto the market.
The recent growth in M&A in the pharma sector represents another threat. If sensitive data is passed between parties via unsecure communication methods, there is the danger of it being intercepted by others and sold on or leaked
CYBER SECURITY
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32 |
Page 33 |
Page 34 |
Page 35 |
Page 36 |
Page 37 |
Page 38 |
Page 39 |
Page 40 |
Page 41