Key cybersecurity trends in pharma
As per GlobalData, ransomware, cloud security, and shoring up against supply chain threats are key trends driving the theme of cybersecurity.
Maintaining the security of IT systems is a constant struggle for organisations of all types. Cyberattacks are frequent and increasingly complex, perpetrated by those furthering a geopolitical cause or attackers intent on making money. In 2021, enterprises invested more in cybersecurity and cloud architecture due to employees working remotely during the pandemic. This also sparked a mergers and acquisitions (M&A) boom in the tech sector.
Listed below are the key technology trends impacting the cybersecurity theme, as identified by GlobalData.
Ransomware and cybersecurity
According to the EU Agency for Cybersecurity (ENISA), there was a 150% rise in ransomware attacks from April 2020 to July 2021. ENISA has described the threat picture as the “golden era of ransomware”—partly due to attackers’ multiple monetisation options. Ransomware is a multi-faceted offensive campaign that also involves an attack on the brand reputation of the victim. Attackers are now operating secondary monetisation channels, auctioning exfiltrated data on the dark web.
A Cybereason survey found that 35% of businesses that paid a ransom demand paid between $30,000 and $1.4m, while 7% paid ransoms exceeding $1.4m. About 25% of organisations reported that a ransomware attack had forced them to close down operations for some time.
Cloud security
In the absence of strong security measures, cyber attackers can target the misconfigurations of security settings to steal cloud data. A March 2022 ‘Cloud Security Report’ from Check Point Software, based on a survey of 775 cyber security professionals, revealed that cloud security incidents were up 10% from the previous year, with 27% of organisations citing misconfiguration, ahead of issues like exposed data or account compromise.
Cloud misconfiguration is typically caused by a lack of awareness of cloud security and policies; inadequate controls and oversight; too many cloud application programming interfaces (APIs) and interfaces to adequately govern the system; and negligent insider behaviour.
Chip-based cybersecurity
Protecting chips from cyberattacks is becoming a necessity as chips end up in mission-critical servers and in leading-edge, safety-critical applications. As systems vendors and original equipment manufacturers (OEMs) increasingly design their own chips, rather than buying commercially developed devices, they are creating their own ecosystems and are, therefore, making security requirements much more of a home-grown concern.
Macroeconomics is a key driver. The discovery in 2017 of high-profile security vulnerabilities—notably Meltdown and Spectre—meant chip vendors had to patch their security holes with software. That meant that customers, who had upgraded their servers to make the most of new processors, then lost much of their performance improvement. That, in turn, forced them to add more servers to process the same volume of data in the same amount of time.
Cybersecurity supply chain threats
Cyberattacks targeting software supply chains are increasingly common and typically devastating. They came to the fore in 2020 when Russian hackers broke into SolarWinds’ systems and added malicious code to the company’s software system.
SolarWinds provides system management tools for network and infrastructure monitoring, and approximately 33,000 customers use its Orion platform to manage IT resources. Ultimately the hack would turn out to be one of the biggest cybersecurity breaches of the 21st century, affecting thousands of organisations, including the US government.
These attacks are effective because they can take down an organisation’s entire software supply chain and services, resulting in massive business disruption. Organisations can evaluate their attack surface and develop systems and infrastructure to defend against threats and manage vulnerabilities.
Critical national infrastructure (CNI) threats
Cyber threats against CNI are increasing, and governments are taking steps to recognise them. The 7 May 2021 attack on the Colonial Pipeline fuel facility in the US alerted governments worldwide to the risks such an attack can bring to CNI.
In Australia, the list of regulated CNI sectors has expanded to include higher education and research, communications, banking and finance, data, defence, energy, food and grocery, healthcare, space technology, transport, and water and sewerage. This formal expansion of CNI coverage will become a global trend as governments address cyber risks.
CNI organisations are increasing anti-ransomware precautions, mandating multi-factor authentication for remote access and admin accounts, locking down and monitoring remote desktop protocol (RDP), and training employees to spot phishing attacks and other threats.
Artificial intelligence (AI) threats
AI is essential to information security. It can swiftly analyse millions of datasets and identify various cyber threats. But attackers can also use AI as a weapon to design and carry out attacks. AI can mimic trusted actors, copying their actions and language. Using AI means attackers can also spot vulnerabilities more quickly, such as a network without protection or a downed firewall.
AI can also find vulnerabilities that a human could not detect, as bots can use data from previous attacks to spot slight changes. Cybercriminals can use data collected from a specific user or other similar users to design an attack to work for a particular target.
The growing use of managed cybersecurity services
Managed security services (MSS) provision is growing. According to the UK government’s 2022 Cyber Security Breaches Survey, 40% of businesses and almost a third of charities (32%) use at least one managed service provider. The core of an MSS provider’s (MSSP) business is in providing round-the-clock security monitoring and incident response for an enterprise’s networks and endpoints. However, as enterprise networks grow and evolve, support for other platforms, such as cloud-based infrastructure, has become a critical component of an MSSP’s security portfolio.
Using an MSSP is typically intended to augment or replace an organisation’s internal security team, while other services offered by providers include intrusion prevention systems (IPS), web content filtering, identity access management (IAM), privileged access management, vulnerability scanning, and threat intelligence.
An offensive approach to cybersecurity defence
The increasing number of attacks against CNI has led to cyber authorities worldwide working more closely together. According to US Cyber Command, the US military plays a more offensive, aggressive role in combating digital threats. The UK now has a National Cyber Force, whose activities build on a previous National Offensive Cyber Program. France also has a cyber strategy with both defensive and offensive capabilities.
This is an edited extract from the Cybersecurity – Thematic Research report produced by GlobalData Thematic Research.