Several digital attacks against pharmaceutical companies have made news in the past few years. Back in 2017, for instance, Merck fell victim to NotPetya. The wiper malware spread to the pharmaceutical giant’s headquarters, rendered years of research inaccessible, affected various production facilities and caused $1.3 billion in damages, according to Bloomberg News. A couple of years later, European Pharmaceutical Review reported that Swiss multinational healthcare company Roche had suffered an attack at the hands of the Winnti malware group—just one year after Bayer confirmed an incident concerning the same attackers.

Attacks in the pharmaceutical industry haven’t slowed down since then. According to Help Net Security, organizations in the pharmaceutical and biotech sectors witnessed a 50% increase in digital attacks between 2019 and 2020. It appears that at least part of those attacks originated from nation-state actors who specifically sought to steal COVID-19 vaccine research. Beyond that aim, SCADAfence noted that nation-state actors commonly target organizations in those two sectors to steal intellectual property and gain a technological or commercial advantage for companies in their own countries.

There are lots of factors behind these attacks. One of the main ones is the ongoing convergence between Information Technology (IT) and Operational Technology (OT). Pharmaceutical organizations are turning to sensors and other IT devices as a means of optimizing their manufacturing processes. In doing so, however, they’re exposing their aging OT assets that weren’t designed with security in mind to the Internet—and, by extension, to digital attackers who would wish to tamper with their OT environments.

16 Sectors That Impact Us All

The IT-OT convergence doesn’t pose security challenges to only pharmaceutical organizations. After all, the pharmaceutical sector is just one of over a dozen industries where we find critical infrastructure.

When we look at critical infrastructure, the 16 sectors (Read more...)