Not long ago, the pharmaceutical giant Bayer revealed that it was experiencing intense cyberattacks. Those behind the attacks could be Wicked Group, a cybercriminal organization operating from China. In fact, this was by no means a one-off incident: Bayer had been monitoring and analyzing these attacks for close to a year.
All of this, at first glance, may seem surprising. When we talk about cyberattacks, there is are certain kinds of companies that are particularly prone to these incidents: insurance companies, oil companies, governments, public institutions, or any organization that stores customer data, be it hotels, mobile applications, or online portals, to give but a few examples. So, why would a pharmaceutical laboratory fall prey to a cyberattack?
The answer can be summed up in two words: industrial espionage. With the amount of technological and scientific innovations that exist in the world today, it is no surprise that these innovations too can become targets for cybercriminals to steal. And in the case of large companies in the scientific field, patented products or services are the most appealing of targets. And this is exactly what happened to Bayer.
The consequences of patent theft
The theft of patented products due to a cyberattack is a serious problem for this kind of company, for several reasons:
1.- Business. For a company that manufactures technological products, patents can be an important factor, but not necessarily an essential one. However, for organizations in the scientific sector, patents are the focal point of their work – and therefore their business models. A new development is of no use without a patent, and a patent is of no use if cybercriminals manage to get their hands on its content.
2.- Competition. If whoever stole the patent is a competitor, they clearly won’t be able to use the formula exactly as they stole it, since they would be accused not only of plagiarism, but also of theft. The mere fact, however, of gaining access to the patent would be enough to guide the way to develop similar products, leading to success off the back of the years of investment and internal research carried out by the victim.
3.- Reputation. No large company wants to suffer a cyberattack or industrial espionage, and even less so if it works in such a delicate sector as healthcare. In this kind of industry, the company’s image is an important part of its business, so a cyberattack of this scale could have serious negative consequences.
How to avoid industrial espionage
Protecting corporate cybersecurity is an obligatory requirement for any company, whatever its size, importance, or economic sector. To do so, several measures must be taken.
1.- Monitoring. All too often, cybercrime shows its face when it is already too late to stop it. As a consequence, large organizations need to know exactly when is happening in the depths of their IT systems at all times. Solutions like Panda Adaptive Defense automatically monitor all processes running on a company’s system in real time. Thanks to this capacity, it is able to predict and stop incidents even before they happen.
2.- Access control. There are certain kinds of information that not all members of a company need to be able to access. In the case of a registered patent, for example, only the developers and researcher that are going to work with this material need to have access to it. Other members of the organization don’t need to be able to access it in any way.
3.- Information isolation. Although the vast majority of organizations are connected to the Internet, and many work by sharing information on the cloud, there are certain kinds of information that need to be as isolated as possible. In the case of something as sensitive as a patent, it is always vital to do as much as possible to store it on isolated servers or, even better, somewhere with no kind of Internet connection. Any extra layer of security will help to keep the cybercriminals at bay.
The fact is that, when a company is the victim of cybercrime, there are certain kinds of information that, though sensitive, are not essential. For these kinds of companies, however, patents are the foundation for the business model of the whole company. Therefore, protecting these patents should be a priority in their corporate cybersecurity strategies.