In drug discovery, where intellectual property and confidential data are paramount, ensuring robust security measures is a top priority to us. However, the biopharmaceutical industry is facing an alarming rise in cyberattacks, with the healthcare sector accounting for 24.5% of all hacks, according to the US government. Each breach costs an average of ~$5 million, and the biotech sector may be particularly vulnerable due to its data-intensive R&D programs, high-value intellectual property, and complex supply chains (Nat Biotechnol, 2022).
At DeepMirror, we understand the critical importance of safeguarding our clients' sensitive information, and that's why we've recently achieved ISO27001 certification, the internationally recognized standard for information security management systems. The ISO27001 certification process is rigorous, requiring organizations to implement and maintain a comprehensive set of security controls and best practices. By meeting these stringent requirements, DeepMirror demonstrates its commitment to protecting our clients' intellectual property, proprietary data, and confidential information from unauthorized access, use, disclosure, disruption, modification, or destruction.
The consequences of cyberattacks can be severe. In 2017, Merck was hit by a devastating NotPetya ransomware attack that disrupted operations and manufacturing globally for weeks, resulting in losses exceeding $1 billion (Financial Times, March 2018). More recently, in 2023, Evotec, a prominent drug discovery and development partner for major pharmaceutical companies, was hit by a cyberattack that took its systems offline (Fierce Biotech, April 2023).
What is ISO27001 and how does it protect you?
ISO 27001 is the internationally recognized standard for information security management systems (ISMS) that provides a proven framework to protect your organization's valuable assets. By implementing ISO 27001, companies establish a systematic approach to identifying risks, implementing robust security controls, and fostering a culture of security awareness. From access controls and encryption to incident response and business continuity planning, ISO 27001 covers a comprehensive set of best practices. Achieving certification demonstrates our commitment to safeguarding customer data, intellectual property, and other critical information.
Some key things that we did to achieve ISO27001 certification were implementing strict software development practices and vulnerability scanning to ensure our systems are always patched, frequent penetration testing of our APIs, isolation of customer data on cloud infrastructure, and continuous monitoring of our cloud infrastructure.
At DeepMirror, we make sure that all your data is isolated and encrypted on our cloud infrastructure. Security is embedded into our operations and engineering practices from day zero, ensuring that your data and IP are always protected. As Ryan Greenhalgh, CTO at DeepMirror, puts it, "At DeepMirror, we embed security into our operations and engineering practices from day zero, making sure that our users are always protected."
Continuous Improvement and Industry Leadership
While achieving ISO27001 certification is a significant milestone, at DeepMirror, we recognise that information security is an ongoing journey. We are committed to continuously improving our security practices, staying ahead of emerging threats, and adapting to the evolving needs of the biopharmaceutical industry. Moving forward, we will continue to invest in our security program covering different standards such as SOC2 Type II and CAIQ assessment in the future.
By prioritising data security and privacy, coupled with our innovative AI capabilities, DeepMirror aims to solidify its position as an industry leader, empowering our clients to accelerate their drug discovery efforts while providing the utmost confidence in protecting their valuable intellectual property and confidential data.
References
Increase vigilance against cyberattacks. Nat Biotechnol 40, 1155 (2022). https://doi.org/10.1038/s41587-022-01446-4
Fierce Biotech, April 2023: https://www.fiercebiotech.com/biotech/big-pharma-partnered-evotec-closes-down-hatchets-after-cyber-attack
Financial Times, March 2018: https://www.ft.com/content/31515a18-238f-11e8-ae48-60d3531b7d11
