Splunk & DTEX Partner to Deliver Noise-free Human Telemetry to the SOC. READ THE NEWS HERE.

WORKFORCE CYBER
INTELLIGENCE

BLOG

A Human-centric Approach to Operational Awareness and Risk Management.

Can You Believe How Easily These Scientists Stole Data? 3 Insider Threat Insights

You’ve probably already heard about the latest news in the security world. Two scientists have been charged with stealing valuable intellectual property from their employer, British pharmaceutical giant GlaxoSmithKline. More specifically, the scientists — along with three other co-conspirators outside of the company — stand accused of stealing research for valuable cancer treatment drugs. They were using their stolen information as a basis for a new company they had started in China.

This kind of story never ceases to be a little bit shocking, but it’s far from unprecedented. After all, when it comes to data theft, pharmaceutical companies leave a lot on the line. According to a 2013 study by the United Kingdom Office of Cybersecurity and Information Assurance, intellectual property theft accounts for over $14 billion in monetary losses in the pharmaceutical industry alone. For pharmaceutical companies, intellectual property is the product — and an extremely valuable one, at that.

It stands to reason, then, that security would be top of mind at pharmaceutical firms. Still, as a security professional in charge of protecting pharmaceutical IP, you face some unique challenges. It’s simple enough to protect against external actors, but safeguarding against your own employees is a whole other game. Even worse, the insider threat presents itself very differently in the pharmaceutical industry than it does in most others. As a result, you need to approach your protection in a unique way — and you can’t cut corners.

It sounds intimidating. But we’ve been stopping the insider threat for more than a decade. In those years, we’ve noticed that there’s three major factors that make all the difference when it comes to fighting the insider threat in the pharmaceutical field.

Not all insider threats are lowly employees.

Time and time again, this is our biggest takeaway from these insider pharma breaches. When most people think about the insider threat, they imagine lowly, underpaid, or even temporary employees succumbing to the temptation to steal customer credit card info. In every industry, this is a dangerous assumption. No matter where you are, the insider threat is a concern across all levels of seniority and pay brackets. But the life sciences, this stereotype is especially untrue. There, we see a particularly prevalent narrative: high-ranking, successful employees stealing research for a new company.

When you think about it, this makes sense. Like many knowledge workers, scientists feels a sense of ownership over their work, and they stand to gain a lot by bringing it with them when they leave. But, it also means that pharmaceutical companies are facing a different high-risk profile than other industries.

Want to know the top ways you can protect your pharmaceutical intellectual property? Download our guide:

MktoForms2.loadForm(“//app-ab17.marketo.com”, “173-QMH-211”, 1196);

Your high risk employees are very smart. Worse, they know everything there is to know about your company.

We certainly never recommend assuming that your insiders are stupid. Most of the time, regardless of industry, it’s just not true. But the pharmaceutical industry has an especially high level of intelligent insiders: scientists. Plus, those scientists just so happen to be the ones with the most incentive to steal data. If they do, they’ll be difficult to stop. They are researchers — they’re going to take the time to figure out your security practices, and they won’t get tripped up by simple roadblocks. What’s more, they’re likely familiar with the workings of your company and with the data that they’re attempting to steal. This familiarity can take them a long way.

When it comes to security, good enough is not usually good enough. But the takeaway here is that in this environment, good enough is never good enough. Your insiders have the intelligence, the knowledge, and the determination to find every hole in your security system. The two scientists from Glaxo emailed their research out of the organization for over three years . Clearly, they had the patience to work their plan through the right way.

Approach your employees like you approach super-users.

All these factors come together to pose an intimidating front. How can you protect against insiders who are intelligent, patient, determined, and familiar with your system? It’s not easy, but it’s doable. In fact, these complications remind of us another high-risk insider user group: IT super-users.

The two groups aren’t exactly the same, of course. Obviously, they shouldn’t have the same permissions or expectations in network activity (if your scientist employee starts using hacking tools, you should be concerned). But the mindset is similar. You can’t restrict your system admin from using the tools and files they need, even though their access opens you up to an inherent level of risk. The same thing goes for pharmaceutical scientists. No matter what, they need access to valuable, sensitive information just to get their job done each day. Trying to restrict them from their own research or do clunky, keyword-based blocking will only end in frustration. Plus, as we mentioned before, a determined insider will be able to figure out a way around your roadblocks.

You’ve probably already resigned yourself to this risk when it comes to your privileged IT users. Hopefully, you’ve compensated with knowledge. Visibility is a terrific security tool to show you where your weaknesses are. It allows you to take a trust but verify approach with insiders that you simply cannot control through lock-and-block techniques. In a pharmaceutical company, a huge portion of your staff falls into this category.

When  you add up all these conclusions, there’s a clear takeaway. You may not be able to block your employees, but you can — and should — use an effective endpoint visibility solution to make sure you see your weak point. If you have a good view of what happens within your enterprise, you’ll be able to catch the beginnings of suspicious activity. What’s more, if data theft does occur, you’ll be able to identify exactly what was stolen and collect the data you need for a forensic investigation.

Above all, pharmaceutical companies need to be realistic about their unique situation. Recognize your elevated risk level and unique employees, and build a security program around those needs. As a result, you’ll have a more balanced enterprise — and an effective way to protect invaluable intellectual property.