Big Pharma is Under Cyber Attack, but DNS Offers a Way to Disrupt the Hackers

30th January 2019


Simon Whitburn
Senior Vice President Cyber Security Services

The pharmaceuticals industry may not historically have embraced technology innovation as readily as it has scientific breakthroughs, but that’s changing. Today, digital transformation is seen in the industry as a fantastic way to improve decision-making, drive operational efficiencies, streamline R&D, and embrace emerging patient-centric models. But as great as the opportunities are, so are the risks. With more data and IT complexity comes the potential for attack by data thieves and cyber extortionists.

The way to mitigate risk in this newly digitised world may well be hiding right under your nose, in your Domain Name System (DNS) infrastructure.

Pharma goes digital

From employee onboarding to clinical trial management, IT innovation is helping to drive improvements across pharmaceuticals. Cloud and mobile-based systems enhance collaboration and productivity, while IoT sensors capture vital data on patient health which is analysed to improve and personalise treatments. This patient-centric drive will herald new disruptive opportunities for the industry to provide “beyond the pill” solutions to complement traditional medicines, according to market watchers.

Yet pharma also represents a hugely attractive target to attackers. These hackers are usually external, but increasingly there have been warnings of nation states recruiting insiders to do their dirty work — such is the demand for the sensitive data held by organisations. The main risks are:

Patient data theft: Healthcare records are highly sought-after by fraudsters on dark web markets and could even be used to blackmail recipients. As more data is harvested by pharma firms, they’ll become a bigger target.

IP theft: This has been described as the most common type of security incident affecting industry organisations. With billions spent on bringing just a single drug to trial over a period of several years, it’s no surprise that rivals and nation states want a shortcut.

Ransomware: As is the case for just about any type of organisation, a serious ransomware outage will have a major impact on operations, potentially cost millions to recover from and damage the corporate reputation. German drug-maker Merck lost over £243m from a NotPetya outage in 2017 while the UK producer of Nurofen, Reckitt Benckiser, claimed to have lost £100m.

Regulations: Since the GDPR came into force, pharma firms have to make sure patient data is suitably protected and/or pseudonymised. The alternative is to face the wrath of regulators, which are able to levy fines of up to £17 million or 4% of global annual turnover. The GDPR may also uncover a much greater data breach problem in the industry than is currently reported, due to mandatory breach notification rules.

Time for DNS-based security

Few IT managers pay much attention to DNS, the protocol that converts domain names to IP addresses. It has a crucial role in making the web ‘work’ for users, yet it is usually forgotten about by admins. DNS is the backbone of your infrastructure, enabling your employees to go about their jobs, so IT admins whitelist DNS traffic in the firewall configuration so as not to cause disruption. This is a problem, and hackers know it only too well. They might try to smuggle stolen data out of the organisation in DNS queries, for example, or tamper with DNS servers themselves to take users to phishing and malicious pages. They may even use DNS traffic to communicate with infected machines on your network.
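
One way a defender can spot the DNS exfiltration pattern described above in outbound query logs. This is an added example, not part of the original article and not Nominet's NTX detection logic; the log format, thresholds and function names are assumptions, and every host and domain is constructed.

```python
import math
from collections import Counter, defaultdict

# Constructed log of outbound queries, "<client_ip> <qname>"; every name is invented.
SAMPLE_LOG = """\
10.0.4.17 www.example.com
10.0.4.17 mail.example.com
10.0.4.17 d3f1a9c07b2e4f6a8c0d1e2f.assets.example.net
10.0.4.22 portal.intranet.example
10.0.4.22 www.example.com
10.0.4.31 mzxw6ytboi2gk3tfmrsxg5dfon2a.t1.sync-cdn.example
10.0.4.31 nbswy3dpeb3w64tmmqqhi2dfebrw63i.t1.sync-cdn.example
10.0.4.31 orugs4zanfzsaylomruw4zzamrxw4zi.t1.sync-cdn.example
10.0.4.31 kr2w45dfoqqgc3ten5zgk3lfnz2ca5a.t1.sync-cdn.example
"""

def entropy(label):
    """Shannon entropy in bits per character of one DNS label."""
    counts = Counter(label)
    return -sum(n / len(label) * math.log2(n / len(label)) for n in counts.values())

def base_domain(qname):
    # Assumption: the last two labels form the registered domain. Production
    # code should consult the Public Suffix List instead.
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])

def find_tunnel_suspects(log_text, min_unique=3, min_len=24, min_entropy=3.5):
    """Return {(client, base_domain): count of distinct suspicious names}."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip blank or malformed lines
        client, qname = parts
        first = qname.split(".")[0].lower()
        # Encoded payloads show up as long, high-entropy leftmost labels.
        if len(first) >= min_len and entropy(first) >= min_entropy:
            seen[(client, base_domain(qname))].add(qname.lower())
    # One odd name is noise (CDN asset hashes look similar); many distinct ones
    # under a single domain from one client is the pattern left by chunked data.
    return {k: len(v) for k, v in seen.items() if len(v) >= min_unique}

if __name__ == "__main__":
    for (client, domain), n in find_tunnel_suspects(SAMPLE_LOG).items():
        print(f"{client} -> {domain}: {n} long high-entropy subdomains")
```

The thresholds are starting points to tune against your own baseline traffic before alerting on them.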

Yet the DNS can also be your ally. Its ubiquity in the IT environment makes it a great place to stop cyber criminals in their tracks. Nominet’s NTX platform helps you do exactly this. It can detect even the smallest signs of malicious activity in large volumes of outbound DNS traffic so you can block attacks before they are able to impact the organisation.

Available as a cloud-delivered threat monitoring and analytics platform (NTXprotect) or a fully managed service (NTXsecure), it’s there to protect your network against command-and-control malware, phishing, botnets, cryptomining, data exfiltration and more without impacting performance.
