Pharmabiz
 

Cyber security key in pharma and healthcare to ensure protection of information

Thursday, January 24, 2019, 08:00 Hrs  [IST]

113648interview Cyber security needs to be integrated in life cycle of pharma and healthcare industry processes to ensure sensitive information and business secrets are protected all times. From an India standpoint, Cyber security being a strategic sector, the Ministry of Electronics and Information Technology has directed procuring government entities to provide preference to all domestically manufactured cyber security products and encourage ‘Make in India’ to build an eco-system. We are investing in putting together incident response platform automation to improve overall efficiency from time-to-detect to time-to-respond for security monitoring and operations, says Jaykishan Nirmal, senior vice president, Threat Management, Aujas, in an exclusive interview with Nandita Vijay. Excerpts:


How would you describe the current scene for cyber security in healthcare and pharma sector in India and globally?
As the pharmaceutical industry routinely deals with a very high amount of intellectual property and sensitive data, Information Security Governance and controls are a fundamental requirement that has to be addressed by all the entities involved, be it the outsourcer or outsourcee, and in a manner such that the controls extend beyond their perimeter and includes their partner entities so as to facilitate access without compromising on security. Regulatory authorities in USA and Europe have also tightened measures to ensure healthcare related information is protected at all levels.

Verizon’s annual Data Breach Investigation Report studied 1,360 security incidents involving the healthcare sector globally and concluded that 58 per cent of the incidents were caused by insiders and 42 per cent were caused by external threats. Healthcare and hospital networks, notedly in US and Canada, were attacked with ransomware attacks. ‘NotPetya’ malware was one such attack which made news, resembled the famous WannaCry ransomware attack and impacted thousands of computers across the globe.

There has been an onset of lot of cyber security initiatives. 79% of pharmaceutical companies are currently making investments in identity & access management (IAM) as stated in GlobalData’s survey. Investments in IAM technologies are impelled by the need to manage user identities and ensure legitimate users can get appropriate level of access to sensitive business information when they need.


What are the visible trends that you sight in this space?
Like every industry, the pharmaceutical industry is also continuously embracing innovation in the way they operate to decrease costs and improve efficiency. More and more pharmaceutical behemoths are embracing the outsourcing model with a multitude of partners. IT acts as the essential enabler for information and data exchange between the various partners in the outsourced model.

However, with advantages also come the disadvantages. Where in the past these co-operating entities were internal departments of the same organization accessing the sensitive information and data, now organizations have a number of outsourced partners such as Contract Research Organizations, Pre-clinical and clinical service providers/laboratories, manufacturers, data management providers, managed IT service providers with whom sensitive Intellectual Property, trade secrets and data have to be routinely shared or exposed on a controlled basis. Where in the past the sensitive information never left or was never accessed outside the organization’s well-defined physical boundaries, today sharing them or having them accessed electronically by outsourced partners has become a routine requirement in a world with fuzzy and unclear digital boundaries.

 What are the challenges you spot when managing cyber security needs for the two sectors?
Biotechnology and R&D pharmaceutical companies are either dependent on their in-house R&D centers, or they rely on biotechnology companies to provide them with licenses to manufacture patented products. Because of which cyber security needs to be integrated in lifecycle of pharma and healthcare industry processes to ensure sensitive information and business secrets are protected all times.

Generally, pharma and healthcare industry are concerned key areas such as Intellectual Property/PII/PHI related protection. This covers Protection of formulas, contracts and pricing, clinical research, third party contract and PII related information. Then there is risk & compliance, IoT and cloud usage, supply chain eco-system security and clinical trial data security.

Where does India stand in cybersecurity solution development and acceptance of this technology?
Well, I think it’s still at early stage but there is lot of push happening and interesting developments started in recent past, part of the Digital India initiative. Cyber security being a strategic sector, the Ministry of Electronics and Information Technology (MeitY) has directed procuring government entities to provide preference to all domestically manufactured/produced cyber security products and encourage “Make in India” to build an eco-system which can enhance income and employment. Both, the National Cyber Security Policy (NCSP) and Joint Working Group (JWG) established for public-private partnership for cyber-security reiterates the need for cyber security product development in-country, in addition to lot of other strategic initiatives. DSCI, a non-profit organization and NASSCOM initiative, has put together India Cyber Security Product forum to collaborate on opportunities and learnings from cyber security product companies. This is definitely a booster and encouragement for Indian cyber security product companies to focus on building products at the home ground if implemented well.

Could you give us a peek into Aujas presence in the pharma and healthcare sector?
At Aujas, we are already working with good number of clients in this space across USA, APAC and Middle Eastern regions. For example, one of the large multinational pharmaceutical organization which is also dealing in highly regulated markets like USA, has entrusted Aujas to put together application security program and operate it to ensure that applications which are dealing with business sensitive information are secured.

Aujas has also worked with few of large pharma and healthcare providers to build security program with governance framework, ISMS consulting, automation of GRC framework, SIEM implementations, security assessments and incident related forensics.

What is the kind of technology adopted by the company for cyber security?
Well, cyber security is a very vast domain. There is no specific technology which can address all cyber security needs. At Aujas, we see all the security silos as interlocking JIGSAW puzzles. They have to all work together to deliver security. Based on years of experience and working with clients globally, Aujas has designed an integrated GRC framework for the pharma industry which brings together strategy, polices & processes, structure, technologies, sustenance and enhancements.

We can assist organizations with a comprehensive assessment that includes a review of cyber security function and initiatives alignment with overall organization objectives, security strategy, governance, risk and compliance, identity and access management, threat management, data protection, privacy, cloud security & risk management and security operations. Such program assessments are also in alignment with industry best practices, and local regulatory requirements to ensure that it also addresses compliance requirements in addition to improving the overall security posture.
   
What is your marketing strategy to make a dent in Indian healthcare and pharma sector?
 From a business perspective, we focus on leveraging business relationships and partner’s network to identify and make an entry into new accounts. At the same time, we continue to mine opportunities in existing accounts to cross-sell our offerings. Our strong marketing engine connects with prospective clients to engage them in meaningful discussions to understand their challenges The company regularly participates in various industry events / conferences and evangelizes the importance of cyber security.


What are the likely future efforts in this space by Aujas?
In 2017, the threat landscape consisted of 58 per cent known threats and 42 per cent unknown threats. Further, before 2020, it is likely to exceed that of the known, according to IBM X-Force Threat Research report.  So, traditional way of identifying known threats and fixing them, wouldn’t be sufficient.

The setting up of a cyber defence centre focuses on proactive threat detection discovery by using actionable threat intelligence based on assets, industry segments:. Pharma and healthcare besides and geographical threat vectors. The advance threat detection is done using next generation SIEM platform with kill-chain based use cases and threat model based protection, capture full packets, flows and integrate well with organizations assets, vulnerabilities, leverages threat intelligence feeds and provide single pane of a glass.

Aujas is also investing efforts in putting together incident response platform automation to improve overall efficiency from time-to-detect to time-to-respond for security monitoring and operations. Also, such platform would be combined with power of end point detection and response tools to detect and respond to outsider and insider threats; rapidly contain future attacks and manage APT attacks.

 
[Close]