Hackers endanger the storage and logistics of corona vaccination doses, attack pharmaceutical companies, and most recently hacked the European drug agency EMA. Whether vaccines or industrial products, this is how companies protect their know-how.
The joint global effort by pharmaceutical companies to find a corona vaccine is unique. These successes were also made possible by the fact that business processes can now be almost completely digitized. Results from clinical studies, laboratory values, or strategy papers can be exchanged and processed with partners, laboratories, and suppliers worldwide in fractions of a second. Cloud services such as Microsoft Teams and SharePoint Online make it possible to process data together - completely regardless of where the doctors, scientists and laboratory managers involved are working.
Agility carries risks
But this agility also harbors new risks. Highly sensitive data from clinical studies or research is stored in the data centers of cloud providers. Technically, data held by the large cloud providers is often better protected than in many self-operated data centers of medium-sized companies. However, there is a risk of access by the cloud providers themselves and - in the case of US providers - by state authorities, because the so-called 'Cloud Act' obliges US cloud providers to grant US authorities access to data that is not stored in the US - and thus undermines the EU GDPR.
For this reason, the European Court of Justice (ECJ) this summer declared the 'Privacy Shield' data protection agreement with the USA to be invalid. Basically, German companies are currently not allowed to use cloud offerings from Microsoft, Google or Apple for their business processes without special EU-GDPR-compliant security by a trustworthy provider. However, the pharmaceutical industry depends on US services from Microsoft, Amazon, or Google if it wants to work together in the cloud worldwide.
Cyber attacks are increasing rapidly
Working from home on a large scale was only made possible by cloud services such as Microsoft Teams or SharePoint Online. However, working from home also poses several data security threats. For example, attackers exploit vulnerabilities in insecure VPN tools or collaboration platforms. Working from home has also caused the number of phishing email attacks to rise rapidly. Professional hackers send such emails to lure recipients to websites infected with malware. In this way, they try to get into the company's IT infrastructure to access sensitive data. Attacks on companies involved in the development, approval, and distribution of vaccines against Covid-19 have already occurred on a massive scale.
Four central IT security strategies - How to protect your know-how and your processes
All those involved are therefore under increasing pressure to protect themselves better - also in the interests of the common good. At the same time, they have to maintain their business capability and use instruments that increase their agility when working together. To combine this agility with data protection, four central IT security strategies are necessary:
1. Make the cloud secure
The fact that more and more files are stored in a cloud is increasingly calling previous security strategies into question, because nobody can protect their data with firewalls if it sits on the servers of cloud providers. Companies need innovative technical solutions that give them back control over their data. Microsoft has embarked on this path together with the German IT security company Rohde & Schwarz Cybersecurity. Sensitive user data is decoupled from the cloud and can be stored encrypted at any location - for example on the company network. In this way, no cloud provider, hacker, or authority can access the data in the cloud. With such a solution, global companies can also comply with global data protection regulations.
2. Use highly secure VPN connections
A 'Virtual Private Network' (VPN) enables a secure connection from any location to a company network. All that is required is a connection, for example via a WLAN network, cellular network, or Ethernet. For data communication over such a public network or a home network to be secure, special highly secure VPN tools are required. The problem: So far, these have only been available in the form of hardware boxes that only work with end devices from certain manufacturers. When a large number of employees move to the home office from one day to the next, such a system quickly reaches its limits. The boxes are completely unsuitable for work on the go - for example at the airport, in the hotel lobby, or in a taxi - as they require an external power connection.
Only a software-based VPN client enables a quick change to remote operation. To be really secure, the VPN client must be 'always-on' - this means that data can only leave the end device via the VPN connection. Only if the VPN client detects a secure network - for example in the office - does it deactivate itself. Such 'friendly network detection' enables the user to work continuously and securely in different network environments. With the R&S Trusted VPN Client, a software-based VPN client that has been approved by the BSI for VS-NfD requirements is now available for the first time.
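The always-on and friendly-network-detection decision described above, as an added Python example that is not from the original article and is not the R&S Trusted VPN Client's own logic. It assumes the trusted network is recognized by pinning the certificate of an internal probe server; all names and sample values are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

# Constructed sample values; a real deployment would pin its own probe server's certificate.
OFFICE_CERT = b"constructed-der-bytes-of-internal-probe-certificate"
PINNED_SHA256 = hashlib.sha256(OFFICE_CERT).hexdigest()


@dataclass
class NetworkObservation:
    ssid: str
    dns_suffix: str
    # Certificate the probe host presented in a completed TLS handshake
    # (so the peer proved possession of the private key); None if unreachable.
    probe_cert: Optional[bytes]


def is_friendly(obs: NetworkObservation) -> bool:
    """Trust a network only on the pinned certificate, never on SSID or DNS suffix,
    because both of those are chosen by whoever operates the access point."""
    if obs.probe_cert is None:
        return False
    digest = hashlib.sha256(obs.probe_cert).hexdigest()
    return hmac.compare_digest(digest, PINNED_SHA256)


def egress_policy(obs: NetworkObservation, tunnel_up: bool) -> str:
    """Return 'direct', 'tunnel' or 'block' for traffic leaving the device."""
    if is_friendly(obs):
        return "direct"   # friendly network detected: client deactivates itself
    if tunnel_up:
        return "tunnel"   # always-on: traffic leaves only through the VPN
    return "block"        # fail closed while the tunnel is down or connecting


if __name__ == "__main__":
    office = NetworkObservation("CORP", "corp.example", OFFICE_CERT)
    spoofed = NetworkObservation("CORP", "corp.example", b"constructed-rogue-cert")
    hotel = NetworkObservation("HotelGuest", "lan", None)
    for name, obs in [("office", office), ("spoofed", spoofed), ("hotel", hotel)]:
        print(name, egress_policy(obs, tunnel_up=False), egress_policy(obs, tunnel_up=True))
```

The spoofed case is the one to test for in any client: a network that copies the office SSID and DNS suffix must still end up in `tunnel` or `block`, never `direct`.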
3. Secure the browser
Even before the Corona crisis, the following was true: 70% of hacker attacks come from the Internet. The current need for information exacerbates this risk even more. Malware is smuggled onto computers via fake websites, emails, or graphics that come from apparently trustworthy sources. The best protection against attacks from the Internet is a virtual browser like the R&S Browser in the Box. If this is used, cybercriminals have no chance.
4. Protect data on the end devices
Organizations with high security requirements in particular - and this includes pharmaceutical companies - should equip their employees' end devices with hard disk encryption. Only authorized users can then access their data and the operating system, after multi-factor authentication. If the device is lost or stolen, third parties can't access the data.
Speed does not come at the expense of safety
Speed is important in the development, approval, and distribution of new drugs and vaccines. But it must not be at the expense of the security of data and processes. With the right IT solutions, security and digital agility can be combined.