Adam Gordon, the country manager of data security company Varonis Australia and New Zealand, says the industry's intellectual property is a tempting target for attackers and a valuable prize for unscrupulous competitors.
Any company’s intellectual property is valuable. However, it’s the very lifeblood of companies that develop and commercialise the technology, such as those in the MedTech industry.
Unfortunately, it’s also one of their most vulnerable assets. Intellectual property that is stored on corporate networks is at high risk of theft by external attackers and hostile insiders.
In the case of a successful data breach, companies will pay dearly in time and money spent rectifying the damage. They may also experience significant reputational damage that can last for years.
Data breaches can result in companies making front-page news, or worse, having their intellectual property slip into the hands of competitors.
Boards, executives, and other stakeholders are now well aware of the risks of unsecured data and are demanding assurances that they are protected from cyber-attacks.
Fortunately, there are some steps that MedTech manufacturers can take to better protect their data and detect threats before they can cause any damage.
Limiting data access is key
Companies tend to make information far more widely available than necessary, especially when staff are under pressure to develop new products or meet tight project deadlines.
Varonis research found 53 per cent of companies have at least 1,000 sensitive files open to all employees. In total, each employee has access to roughly 17 million files. Important data is often not stored in specific, high-security areas, but scattered across company networks on file servers and emails, and open to anyone who can find it.
In the MedTech space, this valuable information may consist of scientific research or product blueprints, for example. Ensuring only the most relevant and appropriate people have access to this data is key to limiting cyber risk.
Don’t just focus on external threats
There are plenty of different avenues that attackers can take to steal sensitive data, and it is crucial that companies are aware of both the internal and external threat factors facing them.
The reality is insider threats are frequently overlooked by many companies. Anyone with legitimate access to valuable data, such as a disgruntled employee or a corrupt business partner, could potentially copy and sell it. As a result, a competitor could get access to a company’s latest product or innovation and beat them to market, causing significant revenue loss.
A more subtle and potentially equally damaging scenario would be malicious insiders or external attackers changing or deleting data relating to a new product design, for example. This type of cyber-attack could be initially undetectable, and ultimately very costly.
A different kind of external threat is foreign-funded attackers, who seek to access companies’ intellectual property and exploit it for their own gains, such as selling counterfeit products.
Then there is ransomware, a widespread threat targeting all industries. If an attacker is successful in planting ransomware into a company’s network — often via a phishing email opened by an employee — they can encrypt every file the ransomware can find. The company may have a chance to regain their data access by paying a ransom, but even then, there’s no guarantee.
Healthcare organisations have long been a favoured target for ransomware attacks. Denying them access to data can impact patient care and potentially endanger lives, giving companies no choice but to pay the ransom. The pandemic has created new priorities across all parts of the healthcare industry, and more opportunities for such attacks.
So how do you know if you are under attack? Here are four things to look out for.
1. Rogue insider. If a company monitors normal patterns of user access to data, they can get an alert when something out of the ordinary happens. This could be a user looking at sensitive data they have not previously accessed or accessing data that has no relevance to their role.
2. Multiple access attempts. When attackers attempt to defeat access protections such as passwords, they may try to use logins for expired users, brute-force attacks or stolen or leaked data gathered from the dark web. A bad habit of many people is to use the same password on multiple accounts, so if one is compromised, others are potentially exposed.
3. Access from previously unseen devices. There may be a legitimate reason for someone to access the corporate network from a new device, but it should raise alerts and be investigated. Their IP address can also be a warning: if it’s an address assigned to a country on the other side of the world from that user’s home base, then investigate immediately.
4. Unusual user activity. When a cybercriminal has gained access to a network, they might not launch a full-scale attack immediately: they explore to get the lie of the land and seek out valuable data. Often, this is done outside normal hours, hoping their investigations are not detected. So, if a user’s login times change suddenly, find out why. It could be an external threat or an insider.
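The four warning signs above can be expressed as checks against a per-user baseline of normal access. The following is an added example, not part of the original article or any vendor's product: the account names, devices, paths, baseline fields and the three-failure threshold are constructed assumptions, and each event is assumed to already carry a country code resolved from its IP address.

```python
from collections import Counter
from datetime import datetime

# Constructed baseline: what "normal" looked like for each account.
BASELINE = {
    "asmith": {"active": True, "resources": {"/eng/specs"}, "devices": {"LT-0142"},
               "country": "AU", "hours": range(8, 19)},
    "jdoe": {"active": False, "resources": set(), "devices": set(),
             "country": "AU", "hours": range(8, 19)},
}

# Constructed events: (timestamp, user, device, country, resource, success)
EVENTS = [
    ("2024-03-04T10:15", "asmith", "LT-0142", "AU", "/eng/specs", True),
    ("2024-03-05T02:40", "asmith", "LT-0142", "AU", "/research/trials", True),
    ("2024-03-05T11:05", "asmith", "UNKNOWN-7", "RO", "/eng/specs", True),
    ("2024-03-05T11:20", "jdoe", "LT-0200", "AU", "/eng/specs", False),
    ("2024-03-05T11:21", "jdoe", "LT-0200", "AU", "/eng/specs", False),
    ("2024-03-05T11:22", "jdoe", "LT-0200", "AU", "/eng/specs", False),
]

def flag_events(baseline, events, max_failures=3):
    """Return a sorted list of (user, indicator) pairs for the four signs."""
    alerts, failures = set(), Counter()
    for ts, user, device, country, resource, ok in events:
        profile = baseline.get(user)
        if profile is None or not profile["active"]:
            alerts.add((user, "login for expired or unknown account"))
        if not ok:
            failures[user] += 1
            if failures[user] >= max_failures:
                alerts.add((user, "multiple failed access attempts"))
            continue  # failed attempts touch no data, skip behavioural checks
        if profile is None:
            continue
        if resource not in profile["resources"]:
            alerts.add((user, "data not previously accessed"))
        if device not in profile["devices"]:
            alerts.add((user, "previously unseen device"))
        if country != profile["country"]:
            alerts.add((user, "unexpected country"))
        if datetime.fromisoformat(ts).hour not in profile["hours"]:
            alerts.add((user, "activity outside normal hours"))
    return sorted(alerts)

if __name__ == "__main__":
    for user, reason in flag_events(BASELINE, EVENTS):
        print(f"ALERT {user}: {reason}")
```

In practice the baseline would be learned from a trailing window of access logs rather than written by hand, and each alert would be a prompt to investigate rather than proof of compromise.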
You can’t protect what you can’t identify.
Companies need to have a comprehensive understanding of the data which is critical to their operations, and know what data is likely to cause the most damage if it falls into the wrong hands. Data access must be reduced to the minimal level needed for their business to operate effectively.
Furthermore, companies should maintain constant vigilance in monitoring employee activity on the network, to spot any unauthorised access, and should always assume they are already being targeted by cybercriminals. It is crucial to keep watch for any activity that might indicate there is someone already in the network trying to steal company data.