EdgeWave Pharmaceutical Sector Cyber Security Guide

As part of the healthcare industry, pharmaceutical manufacturers are obligated to comply with HIPPA rules designed to protect sensitive patient health information (PHI).

CYBER SECURITY, EVOLVED Secure Pharmaceutical intellectual property and production environments with Military Grade Cyber Security The Pharmaceutical Sector Cyber Challenge Our world has been radically transformed by digital technology – smart phones, tablets, and web-enabled devices have altered the way we manage production and do commerce. At the same time, technology has enabled a new generation of criminals to gain access to information assets. According to the Identity Theft Resource Center 2014 data breach report, 42% of all reported breaches in 2014 have occurred in the healthcare category. The number represents reported breaches; however, many entities have not yet discovered that they have been compromised, and are thus exposing connected business affiliates to cyber threats by association. The pharmaceutical industry is vulnerable to threats shared by both the healthcare sector and manufacturing sectors. As part of the healthcare industry, pharmaceutical manufacturers are obligated to comply with HIPPA rules designed to protect sensitive patient health information (PHI). The R&D cost of creating a new drug is estimated at $5 billion. Protecting patented formulas from counterfeiters and employee exfiltration, and securing the pharmaceutical supply chain is critical. The National Association of Manufacturers estimate that $239.9 billion in revenue has been lost to cyber-piracy over the past ten years. Verizon’s 2014 Data Breach Investigations Report (DBIR) identified manufacturing systems as one of the most vulnerable industries to hackers, with companies of all sizes equally targeted. According to this report, web application attacks made possible by credentials stolen through email phishing scams are by far the most widespread types of data loss. Criminals are “getting better and faster at what they do, more quickly than organizations can address the threats.” The Solution The transition of business processes to the cloud and proliferation of connected endpoints will increase the vulnerability of critical infrastructure to outside threats. IT managers must implement more comprehensive policies regarding the secure handling and transmission of data. The four key components of a solid internet and data security program include: EdgeWave Pharmaceutical Sector Cyber Security Guide • Advanced Threat Defense • Data Protection Services • Endpoint Security • Education of Employees and Vendors CYBER SECURITY, EVOLVED EdgeWave Pharmaceutical Sector Cyber Security Guide EdgeWave EPIC2 is a Military-Grade approach to cyber security that combines expert analyst review, advanced technology and a rigorous cyber operations approach to deliver real-time, active defense against cyber threats. Advanced Threat Defense Email is a primary threat vector by which hackers access your systems. It’s easier for a hacker to send out an email than to hack a firewall – it takes just one unsuspecting staff member to open the wrong email or click a bad link to punch a hole in your network defense. EdgeWave’s ePrism Email Security Suite includes the powerful tools you need to assure the protection of private data and the efficient delivery of legitimate email. ePrism offers fully hosted in-the-cloud services that require minimal management, are affordable, and can scale easily to fit any size network. ePrism includes a multi-layered approach that stops emerging threats before they can get near your network. Our exclusive EdgeWave Enhanced Precision and Integrated Cyber Capabilities TM — EPIC2 — combines human threat review and automated intelligence to identify and stop advanced threats in real time. Humans can identify the intent of inbound threats in a way an algorithm can’t – that’s why every cyber security plan must include human analysis. In the first quarter of 2014 alone, EPIC2’s human review process has blocked over 100 million malicious emails per day with customized rules and human analysis. The 2014 Verizon Data Breach report promised “We may be able to reduce the majority of attacks by focusing on a handful of attack patterns.” EdgeWave’s EPIC2 leads the market with this capability. Data Protection Services Data Loss Protection - ePrism includes a content analysis and policy engine that uses proprietary technology to detect private information transmitted via outgoing email. This data protection technology analyzes data in motion, and using compliance-based rules, detects and blocks any sensitive private data trying to leave your network. This solution is easily managed from the ePrism Central Dashboard giving you the powerful tools you need to ensure the safety of your most valuable corporate assets. Encryption - EdgeWave Email Encryption assures the secure delivery of email to anyone outside your network, with next-generation technology that eliminates the cost and complexity associated with many traditional encryption services. As a completely hosted service, there is no hardware or software to implement and encryption can be easily enabled on a per user basis or as part of an automated routing policy. In addition, because it is integrated into the ePrism Hosted Email Security and Data Loss Protection services, your outgoing email is inspected for malware, viruses, inappropriate content, compliance breaches and violations of your acceptable use policy (AUP). You can manually encrypt messages or configure to automatically encrypt per a variety of factors; such as sender, recipient, or when DLP problems are detected. Endpoint Security Laptops, smartphones and tablets have improved productivity and efficiency by empowering managers to keep tabs on resources and processes at the swipe of a finger, while freeing up workers to exercise greater independence and mobility. But this also brings risks. Ponemon Institute’s Global Study on Mobility Risks reports that a majority (59 percent) of companies have had employees “circumvent or disengage security features” in their company-sponsored mobile devices, and 51 percent have experienced data loss due to improperly secured mobile data. iPrism Web Security can help you mitigate endpoint risk with Cloud-Based Remote Web Filtering and Mobile Device Security. These security solutions employ proprietary technology to bring powerful Enterprise Web Filtering to all staff and devices, even outside the network. You receive comprehensive Military Grade protection from web-based threats, granular policy controls, and selective data wiping -- all with centralized administration and reporting. Suitable for both corporate and BYOD devices, iPrism provides anytime, anywhere any device security for iPads, iPhones, Android devices, Windows laptops and Macbooks. CYBER SECURITY, EVOLVED 15333 Avenue of Science, Suite 100 San Diego, CA 92128 Give us a call 1-855-881-2004 Send us an email: [email protected] For more info, visit us at: www.EdgeWave.com EdgeWave Pharmaceutical Sector Cyber Security Guide Education of Employees and Vendors The internet and data security technologies described above are only as effective as the training and policies that enforce their use. Here are 5 steps to get you started on the path to ensuring your organization will support your security efforts: 1. Integrate a defense-in-depth security strategy with every plan and initiative. Isolate valuable assets and restrict who has access to them. 2. Empower employees with targeted, plain-English security training. The healthcare sector is highly regulated, and educated employees are the best way to ensure safety and compliance. 3. Implement and enforce strong organizational/IT policies regarding social media and portable devices. 4. Ensure all employees and vendors know how to guard authentication credentials. Require a signed and sealed agreement of understanding and adherence to access and device usage policies. 5. Employ an agile, robust, platform-agnostic, advanced threat detection system that includes encryption. In the healthcare sector, under the new HIPAA Final Omnibus Rule, organizations, vendors and business affiliates who fail “to perform a comprehensive and thorough risk analysis, and subsequently fail to apply the results of that analysis” to protect patient health information can be fined up to $1.5 million annually. EdgeWave specializes in security systems that meet compliance requirements, and protect against IP theft. EdgeWave’s award winning EPIC2 Military Grade solutions have helped over 6,500 organizations protect their data and networks. Let us create and implement your cyber security strategy and keep your environment protected and processes secure.