Last year was the best and worst of times for Andrew Sewell, Professor of Infection, and Immunity at Cardiff University. 2020 began with his team hitting the headlines for a discovery that could lead to a universal cancer cell therapy. A licensing deal with the UK start-up quickly followed, but this moment of celebration made him a target for an attack within minutes of the announcement.
Sewell told Labiotech how within 20 minutes, he received a notification from Facebook that his account was under attack. Within the hour, all his social media and university accounts were unavailable. His wife quickly became the next target as attackers left the couple feeling powerless within minutes of their moment of celebration. Sadly, this is just one of many examples of how our digital footprint can help criminals steal data or sabotage companies.
Why are biotech start-ups and the pharmaceutical industry under attack?
The industry handles highly lucrative IPs such as new treatment and vaccine research data. When combined with patient and healthcare data, it represents a lucrative bounty for criminals looking to compromise, steal and exploit sensitive information. But the bad guys are not just cybercriminals looking to make quick cash. It can even be nation-state espionage with a hidden agenda.
The impact of such an attack on a Biotech start-up immediately before an IPO when the world is watching is enough to keep any founder awake at night. According to a Blue Voyant report, attacks on the biotech industry increased by 50% between 2019 and 2020, and we can expect this trend to continue.
The global pandemic has placed biotech start-ups into a highly elevated risk environment. Predictably, ransomware, phishing attempts, and targeting vulnerable and unpatched web applications remain the preferred attack methods.
How can biotech’s better defend themselves from attackers?
By collaborating with a cybersecurity partner, they can help with health check assessments and understand your current cyber risk posture, which will help you improve your cyber hygiene across the organization. In addition, recent cyber-attack trends highlight the importance of building a risk-aware culture by increasing awareness of cyber security issues in the industry.
It is also worth revisiting the access rights of your employees. Granting full access to individuals is a disaster waiting to happen that will result in far-reaching damage. The management of identities and permissions of all employees in a biotech start-up will play a critical role in limiting the risks around compromising valuable data.
With an increasing number of data breaches being caused by a vendor or third-party provider, it’s also critical to look beyond your internal teams when it comes to mitigating cybersecurity risks. For example, if you were to assume that at some point, any of your suppliers could get compromised, can you safely say that you know exactly what access that they have on your systems? Do you know how robust their cyber security protocols are? And do they possess a cyber resilience accreditation, such as Cyber Essentials?
Mitigating the Risk of Cyberattacks
It’s no secret that cyber-attacks are on the rise across every industry, with headlines around data leakage, theft, and espionage dominating our newsfeeds. Biotech companies reside in an industry where data can either make or break a company and need to be always on their guard.
Every biotech start-up deals with intellectual property, financial and sensitive healthcare information that attackers want to steal and hold the owners to ransom. But a Robust Network Solutions cybersecurity strategy can help your organization prevent attacks and mitigate the consequences of a successful attack.
Andrew Sewell’s story is a timely reminder of how our digital footprints can leave a biotech start-up extremely vulnerable at a time when you should be celebrating. Whether a medical discovery, new partnership, or IPO, there will always be attackers waiting in the wings to exploit any vulnerabilities and hold you or your company to ransom. These are just a few reasons why a proactive approach to cybersecurity should be a strategic business imperative for business leaders.
If you are the start-up founder of a biosecurity start-up and would like to discuss your experiences and insights of how you are building immunity from cyber-attacks or would like further consulting on the matter, please reach out to our team at Robust Network Solutions.