The pharmaceutical industry has generally excelled at physical security, as locking down access to secure research labs, clinical trials and manufacturing / formulation operations are critical to reduced risk and positive results.
Mobile device access to company data, and mobile apps to serve customers, give pharma teams more agility and responsiveness to meet the needs of doctors and patients. Therefore, drug companies must now focus on mobile security to prevent the theft or malicious use of sensitive patient data, drug development R&D, high value IP, operations and legal information. Mobile devices have become the prime threat surface for cybercriminals and industrial espionage.
A strong mobile threat defense posture is a requirement for survival against cyberattacks and the severe losses and damages they can cause any pharmaceutical business.
Head of Information Security, Multinational Pharmaceutical Company
Furthermore, enterprises believe mobile malware attacks occur more often than is reported. In a recent Gartner survey, 60% of respondents stated they believe mobile malware incidences are underreported. To the same question for desktop malware incidences, respondents stated they believe only 16% are underreported.”
Market Guide for Mobile Threat Defense. Analyst(s): Dionisio Zumerle | John Girard, 30 October 2018
The proprietary intellectual property, patient data and legal documents flowing through a pharma company have very high potential value for cybercriminals and industrial spies. Trade secrets in this arena can impact multi-million dollar revenue streams.
Researchers, executives and business reps of pharma companies are increasingly relying on mobile devices for both work and personal use, and employees may be accessing company data outside the office to stay productive. Even if corporate IT tries to lock down device usage, security in a world of connected smartphones, tablets and IoT devices, in labs and in the field, cannot be entirely assured by conventional methods.
Employees who are using company-issued devices, or their own devices in a bring-your-own-device (BYOD) scenario, may not keep their devices updated or be aware of high- risk behaviors such as attaching to unknown Wi-Fi networks, downloading malware by clicking on an unknown link or site, or something as simple as letting a child download apps or play on the phone while traveling.
Mobile devices have some security features built-in, but new “DNA attack” vulnerabilities are discovered every day, and new Android, iOS and Chromebook updates are constantly posted. There are also privacy policies and regulations on security management and legal documentation on how much control a corporation can have over an employee’s device and the data on it.
Securing the company’s corporate and laboratory networks may not be enough to prevent new forms of network attacks. Hackers can set up a fake “Free Wi-Fi” access point to lure employees and visitors to connect, then act as a Man-in-the-Middle (MITM) to capture private data, compromise devices or take control of devices to operate them remotely.
Pharma companies are starting to find promising results by using mobile apps to better serve patients and physicians. These apps can offer prescriptive advice, medication reminders and other health management tools, as well as facilitating real-time interaction and feedback in clinical trials.
Pharma companies can deploy Zimperium’s world-class mobile threat defense (MTD) platform to detect and resolve advanced cyberattacks at all of the exposed mobile touchpoints in the enterprise. With very little effort, security and development teams gain on-device and in-app protection from cyberattacks, with real-time visibility into the mobile threat landscape that may impact their R&D and field operations.
Pharmaceutical InfoSec or administrative teams can pre-install zIPS™ on corporate-issued user devices, and BYOD employees or authorized users can simply download and install the app from trusted stores (Apple App Store or Google Play). This approach to threat detection keeps employee and patient data secure on the device and legally compliant, without impacting performance.
Pharma or partner companies can embed cybersecurity directly into the apps you deliver for customers and employees with Zimperium’s zDefend (In-App Protection) solution. This innovative SDK allows developers to immunize mobile apps with world-class security in minutes to help prevent data breaches and mobile fraud.