A discussion about the threat that cyber hackers pose to pharmaceutical companies as they scramble to develop and globally distribute vaccines for fighting COVID-19, with Christopher Hart, director of cybersecurity with Cylumena, and Yossi Appleboum, chief executive officer with Sepio Systems.

With vaccine research at a premium, it’s becoming increasingly critical that pharmaceutical companies protect themselves against cyber thieves. Yet relative to certain other industries, their security systems aren’t secure. The level of attention being paid to the security of pharma producers today is equivalent to that directed at financial institutions two years ago, according to Appleboum. “I suspect they’re not ready,” he says.

The pharma industry today is in “an exclusive club,” says Hart, “with threats coming from all over.” In developing new products, companies face the triple challenge of ensuring confidentiality, integrity and availability. “They really have their hands full,” he says.

The source of cyber threats to the pharma sector is evolving. Once it was almost exclusively nation states, says Hart. Now, tools and techniques for cyber theft have become “commoditized,” and are even available on the dark web. Making matters worse for companies generally, says Appleboum, is the increase in employees working from home, using personal devices that aren’t secure. But even a company’s own equipment can be weaponized to steal secrets and disrupt information systems. Keyboards, mouses and biometric sensors can be deployed to conduct the equivalent of a command-and-control attack.

The failure of companies to keep pace with the methods of cyber thieves is partly due to a lack of trust in technology tools, says Appleboum, but the larger problem relates to people. There’s a significant shortage of talent to support security systems, and siloed departments in both government and the private sector prevent the levels of cooperation needed to stop hackers.