Recently, the pharmaceutical giant Bayer revealed that it was being the victim of intense cyber attacks. Those responsible could be Wicked Group, a group of cybercriminals of Chinese origin. In fact, it had not even been a one-off incident, since Bayer had been monitoring and monitoring such attacks for about a year.
The fact, of entrance, can be surprising. When we talk about cyber attacks, there is a type of companies especially prone to suffer them: large banks, insurance companies, oil companies, governments, public institutions or, in general, organizations with data from their customers or users, whether hotels, mobile applications or portals. online, to give some examples. So, why would a pharmaceutical laboratory be susceptible to cyber attack?
The answer is formed by two key words: industrial espionage. In a highly technological world impregnated with scientific innovations, these innovations can also become the subject of theft for cybercriminals. And in the case of large companies in the scientific field, the patented products or services are placed in the center of the target. And that is precisely what happened to Bayer.
The consequences of a patent theft
For a company of this type, the fact that a cyberattack usurps its patented products is a serious problem, for several reasons:
1.- Business. For a technological product company, patents can be an important factor, but never essential. However, in a scientific sector organization a patent is the central point of their work and, therefore, of their business model. A new development will not help without its patent, and a patent will not help if the cybercriminals get their content.
2.- Competition. If the person who has stolen the patent is a competitor, it is clear that he will not use that formula 100%, since he can be accused not only of plagiarism, but also of theft. However, the mere fact of accessing the patent may mark a roadmap to make similar developments, with which the affected company will see how their competition grows immediately after years of investment in their internal research.
3.- Reputation. No large company likes to be a victim of a cyber attack or industrial espionage, but much less if you work in a sector as sensitive as the health. In this type of activities, the image of the company is one more component of its business, and a cyber attack of this magnitude could have a significant negative impact.
How to avoid industrial espionage
Protecting business cybersecurity is a mandatory requirement for any company, whatever its size, size, importance or economic sector. For this, several measures have to be taken.
1.- Monitoring. Cybercrime often shows its face when it is too late to contain it, so that any large organization must know at all times what is happening in its computer entrails. Solutions such as Panda Adaptive Defense automatically monitor all the active processes in a company's system in real time, thereby preventing and anticipating incidents before they even occur.
2.- Access control. There are certain types of information that not all members of a company need to have access to. In the case of a registered patent, for example, only developers and researchers who will work with such material should be able to access it. The rest of the members of the organization should not have access in any of the ways.
3.- Isolation of information. Although practically all organizations work connected to the Internet or even share information in the cloud, there is information that should be as isolated as possible. In the case of something delicate like a patent, you should always do everything possible to keep them on isolated servers or, to the extent possible, even without any Internet connection. Any additional security layer will help keep cybercriminals at bay.
And, when a company is a victim of cybercrime, there is information that can be sensitive but not essential, but patents, in this type of company, are the factor from which the business model of the entire company, so the protection of such patents should be a priority in the business cybersecurity strategy.