Digitalization in life sciences has come with amazing benefits that have improved the entire ecosystem – from accelerating research and drug development, to site-less clinical trials, optimized commercial approaches and connected patient care. Unfortunately, alongside this digital transformation there has been an increasing cohort of highly capable cyber extortionists that have been using ransomware to compromise operations in an effort to extract money from biopharma companies. Each time an advancement is made in cybersecurity, these bad actors counter the defenses and increase the level of disruption they can inflict. This persistent game of one-upmanship requires cybersecurity leaders to understand and counter new ransomware challenges, while strengthening defenses across people, processes and technology.
Cybersecurity is critical to the business strategy in life sciences, as any disruption to operations can have significant impact on patient experiences and be costly to the entire ecosystem. Direct costs of remediation, loss of highly sensitive commercial or patient data, and reputational damage are all potential results of ransomware incidents. So, what can life sciences companies do to remain resilient in the face of increasing threats?
Accenture Security recently took a deep dive on the current state of the ransomware threat in life sciences. In our research, we identified three core ransomware challenges and considered how cybersecurity leaders can help their organizations gain ransomware resilience.
<<< Start >>>
An estimated minimum $18 billion was paid in ransoms globally, while the cost of downtime in the private and public sectors added billions more in costs1.
<<< End >>>
Understanding ransomware challenges and attacks
Typically, ransomware attacks are a result of poor cybersecurity hygiene. It could be as simple as an unsuspecting employee clicking on a link that secretly provides an access point for entry. Additionally, while ransomware used to be complex and required a deep understanding of technology, ransomware-as-a-service has been transformative for extortionists. Many owners of highly effective and widely disseminated malware strains, formerly known as “banking trojans,” are working with intrusion specialists to infect and extort the maximum number of victims.
To better prepare and protect your company from attacks, it’s important to understand the cybersecurity challenges that exist today. Accenture Security identified three core challenges facing life sciences companies.
Challenge #1: Ramping up of attacks
Established ransomware operators are upping their game as they continue to focus on new monetization opportunities. The Accenture Cyber Investigations and Forensic Response (CIFR) team observed a 160% year-on-year increase in ransomware events in 2020—with little signs of any slowdown in early 20212. To plan for resilience, organizations should focus on the business and operational risks presented by the threat across their unique value chain—and prioritize planning and defense efforts accordingly.
Challenge #2: Business growth and service strategies lack resilience
Downtime from ransomware is still growing. According to ransomware recovery company Coveware, firms experienced an average of 23 days of downtime in the first quarter of 2021, up from 21 days in the fourth quarter of 20203. This downtime ranged from standstill to minor non-availability—and the Accenture CIFR team observed ransom demands ranging from US$100,000 to US$50M in 20204.
Ransom demands are becoming more customized as well—with threat actors assessing who is more likely to pay. The U.S. government’s position5 and the policy of the majority of companies is not to pay, since if ransoms are paid, it can open the door to further criminality. Not paying can also be costly. For example, in August 2020, a leading foreign exchange firm went into administration to lose more than 1,300 jobs6. Administrators stated that a ransomware attack had caused a month of disruption and at times staff could not use computers to keep track of currency trading. The breach also disrupted online travel money services for leading global clients.
Challenge #3: Ransomware operators are constantly improving their ability to disrupt
Operators keep innovating, first using ransomware in a targeted way against key assets, then combining that with data leak extortion. There are indications that certain operators are increasing their ability to interfere with operational technology processes and refining other means to pressure payment, including layering distributed denial-of-service attacks with encryption and data leakage.
As an example, we can look to a cybersecurity incident that occurred in December 2020. In this incident, extortionists targeted one of the world’s largest manufacturers, claimed encryption of 1,200 servers, realized the theft of 100GB of data, deleted 20 to 30 terabytes of backups and demanded a $34M ransom7. The disruption caused by this attack had all the hallmarks of a modern ransomware incident: it was costly, caused potential reputational damage and resulted in stoppages that impacted the entire ecosystem.
What can you do now?
One of the most important things you can do today is to operate under the assumption that you are already breached and focus on resilience across the robust value chain. From that position, there are a number of key considerations that can help you prepare:
- Focus on the basics: Keep cybersecurity hygiene up to standard while implementing a holistic backup and recovery strategy across the ecosystem.
- Prevent and protect: Continuously validate and test your defenses while training and testing employees frequently.
- Make it personal: Collaborate with legal and communications teams, senior management and external service providers, so everyone knows how to work together during an event.
- Know your operations: Understand how to backup and restore critical data at speed and scale across the business—strive for continuity of operations.
- Prepare, prepare and prepare again: Threats are agile, and you should be, too. Businesses don’t evaluate their profit and loss or liquidity levels once a year—cybersecurity should be no different.
With the growing threat of ransomware activity, companies should be taking a proactive stance on cybersecurity. For more information about Accenture Security and how to improve ability to protect your company from the ever-growing threat of ransomware, I suggest reading this blog authored by some of our top cybersecurity team members.
<<< Start >>>
<<< End >>>
1. The cost of ransomware in 2021: A country-by-country analysis
2. Ransomware response and recovery, Accenture 2021
3. Ransomware Attack Vectors Shift as New Software Vulnerability Exploits Abound
4. Ransomware response and recovery, Accenture 2021
5. Ransomware — FBI
6. Travelex strikes rescue deal but 1,300 UK jobs go
7. Foxconn hit with DoppelPaymer ransomware attack, $34M ransom demand