Pfizer IP Leak Isn’t Unique. Protect Your Cloud Data With Proactive Encryption.

This blog was originally published by Lookout on December 17, 2021.

Written by Hank Schless, Senior Manager, Security Solutions, Lookout.

The pharmaceutical company Pfizer recently acknowledged that thousands of internal documents were leaked, including trade secrets related to its COVID-19 vaccine. In a California lawsuit, Pfizer stated that a former employee had exfiltrated sensitive data to their personal cloud accounts and devices while they were still working there.

We often associate breaches with corporate espionage and advanced persistent threat groups, but this incident exemplifies a rather typical and hard-to-detect behavior that has been amplified by cloud connectivity: data leakage. Whether it’s accidental “fat fingering,” intentional data exfiltration (such as in the case of Pfizer), or a compromised account, data moves more fluidly than ever due to the increasing reliance on cloud applications to stay productive.

This problem isn’t unique to Pfizer. And to combat it, organizations need to assume that their sensitive data will eventually be shared with unauthorized parties, just as they need to assume that no entity is trustworthy until verified in a Zero Trust framework.

To ensure that you take advantage of cloud productivity while safeguarding your sensitive data, you need a solution that can make intelligent access decisions based on user behavior, endpoint risk posture, the apps being used and the sensitivity level of the data being accessed.‍

How was Pfizer’s sensitive IP leaked?‍

Pfizer is suing a former employee to prevent the distribution of sensitive data they exfiltrated while still working for the company. According to Pfizer, the 12,000 stolen internal documents include information from the development of its COVID-19 and a new drug that treats melanoma.

Allegedly, the defendant had privileged access to confidential and proprietary data due to their position in the company’s global product development team. Before they left Pfizer, they copied data to multiple personal devices and personal cloud storage accounts. Pfizer’s internal systems reportedly flagged these anomalous activities but only after the files were already copied from their original locations.

This is an example of an insider threat. An insider threat is a malicious threat to an organization that comes from people within the organization, such as employees, former employees, contractors or business associates, who have inside information concerning the organization's security practices, data and computer systems.‍

Three capabilities you need to protect your cloud data:‍

One detail I noted in the section above is that Pfizer had the ability to detect anomalous behavior. But what was missing is its ability to proactively encrypt data.

In his recent 2022 predictions blog, Lookout CTO of SASE Products Sundaram Lakshmanan said that while cloud connectivity has amplified security gaps, integrated and cloud-delivered solutions will also be the way organizations keep pace with evolving threats. In other words, to prevent data leakage in this cloud-first era, you need an integrated cybersecurity solution that has advanced capabilities.

To combat data leakage, here are three technologies that your integrated security solution needs:‍

1) Gain visibility into user behavior

‍User and entity behavior analytics (UEBA), is crucial to understanding how users interact with your apps and data. More often than not, security compromises don’t include malware. Instead, a privileged account that has access to sensitive data is used to cause harm, whether it’s through the stealing of credentials, someone accidentally sharing data with unauthorized personnel, or in the case of the Pfizer leak, an incident with malicious intent.‍

2) Understand the apps your employees use‍

In addition to user behavior, your cybersecurity solution should understand the different apps your employees use, whether they are sanctioned by IT or not. Shadow IT has become a big problem now that cloud apps are so easy to deploy and many employees have consumer versions of enterprise apps such as Google Workspace and Microsoft Office 365.

According to Bloomberg Law, Pfizer implemented a tool in October 2021 that can detect employee uploads of files to cloud apps. But again, detection alone wasn’t able to prevent the breach.‍

3) Implement automated encryption‍

Automated actions to protect your data is the key. You may have the tools to detect anomalous user behavior or whether your files are being uploaded to an app you don’t have control over, but without an intelligent policy enforcement engine, there’s nothing you can do to stop your data from leaving.

To mitigate against data leakage, organizations need data protection that takes advantage of the capabilities I outlined above: user behavior and app usage. Your advanced data security should include these two technologies: one, data loss prevention (DLP), to classify and understand the sensitivity of the data you own as well as apply various restrictions such as wordmarking or redacting keywords; two, enterprise digital rights management (E-DRM) that can encrypt sensitive data while it's downloaded so that only authorized users can access it even if it leaves your enterprise.‍

The fourth puzzle piece: endpoint telemetry and an integrated platform‍

This incident illustrates how, even with the world’s best data classification and anomaly detection systems, you need to ensure that you have the ability to take action. To secure their cloud data, organizations have been shifting to a Zero Trust model, where no entity is deemed trustworthy and given access until their risk level is verified. But to make efficient access policy decisions that don't hinder productivity, you need integrated insights.