Empowering Cyber Immunity:
An Inside Look at MSD’s Cyber Threat Intelligence Team

In today’s world, where cyber attack threats are constantly shifting and growing in number, preventing them can be a challenging task. We spoke with Marina La Fontaine and Michaela Rojníčková, who, as part of the Cyber Threat Intelligence team, help track the cyber threats that MSD faces and help security teams and leaders understand what protections are needed. In recognition of Cybersecurity Awareness Month in October, we gathered their insights into cybersecurity within the pharmaceutical industry.

Can you share some of the biggest challenges you face in tracking cyber threats at a pharma company, and how do these differ from other industries?

Michaela Rojčíková (MR): From a Cyber Threat Intelligence perspective, tracking threats is a difficult endeavor. Many threat actor groups, especially those with financial motivations, frequently rebrand and regroup, making it challenging to consistently track their activities. Compounding the complexity, each vendor uses a different naming convention for threat actors, requiring additional time and effort to synthesize and make sense of their activities.

Operating in the pharmaceutical industry, we are tasked with analyzing a wide spectrum of threats. Some examples include nation-state actors, criminal groups seeking financial gain, and hacktivist groups driven by ideological motivations.

How do you keep up with the rapidly evolving cyber threat landscape, and what tools or resources do you rely on most?

MR: This is truly a challenge for every security team out there. The sheer volume of attacks pushes us to automate as much as possible. We are constantly figuring out how to reduce noise so that we can focus on the most sophisticated actors.

In order to face them, we need to know how they behave, who they target, and how. Much of the relevant information we receive comes from our partners in the healthcare sector. As a member of Health ISAC (Information Sharing and Analysis Center), we exchange information about ongoing attacks with our partners from the industry. Cooperation is what cybersecurity is all about. In cybersecurity, competition is set aside, and we all share our knowledge so that we can all be better equipped to face cyber adversaries.

What does Cyber Awareness Month mean to you personally, and how do you approach it to empower others within the company?

MR: For us, Cyber Awareness Month is about empowering our colleagues to become defenders alongside us. We focus on equipping them with the knowledge to spot social engineering techniques and attackers’ tricks, turning them into the first line of defense for our company. Every time someone identifies and reports a phishing attempt to our team, they actively contribute to strengthening our security.

In your LinkedIn profile, you listed your interest in the ethical application of AI within a legislative context. How do you see AI shaping the future of cybersecurity, especially in industries like pharmaceuticals?

Marina La Fontaine (MLF): My interest in legislation around AI began during my master’s program, where my thesis research uncovered the fragmentation of specific ethical concepts in the drafts of the EU AI Act, with a core focus on how the legislation defines “robust” AI in high-risk systems, which related to how “secure” the systems operated. Since conducting my research a few years ago, AI has become the buzzword everyone is talking about! 

AI will shape the future of cyber security because the wide adoption of any technology gives threat actors new ways to conduct attacks and gives defenders new ways to prevent and mitigate those attacks. Even though AI moves quickly, the cybersecurity community is excellent at pivoting and adapting to new technology…this community loves new challenges. It is all about being strategic and intentional with the approach to securing AI and ML systems while incorporating diverse skill sets to ensure the systems are developed and operate securely, are aligned with business goals, and adhere to ethical guidelines in legislation. I believe the pharmaceutical industry is well equipped to embrace the ethical guidelines for AI deployment in their environments.  

You recently completed the Humanitarian Cybersecurity Training Program. How has this certification impacted your approach to cybersecurity, and what insights did it bring to your current role?

MLF: It is no secret that there is a workforce shortage for cybersecurity professionals, and because of this, it is our duty as defenders to collaborate and help one another work as securely as possible. This certification comes from an incredible organization called CyberPeace Institute, which supports NGOs in adapting and enhancing their cybersecurity practices. 

MSD has partnered with the CyberPeace Institute to share our professional knowledge with different NGOs across the globe. Through this partnership, I, along with other colleagues, connect with NGOs concerning different cybersecurity needs. The experience has been great for me on an analytical level as well, as it allows me to apply my knowledge to a context other than pharmaceuticals.

Can you elaborate on how your passion for geopolitics influences your approach to cybersecurity? Are there specific global events or trends you’re currently watching?

MLF: International security and geopolitical tensions have a direct impact on the cyber threat landscape. Cybersecurity is a fascinating field for this reason — it is where the social and technical systems meet. Nation-states utilize their cyber capabilities to achieve their political goals and interests. We work closely with our Global Security Group to assess which geopolitical events they deem relevant to the company from a physical security perspective, and we dive into the potential ramifications of those events in cyberspace. I personally primarily focus on conflicts in the EMEA (Europe, Middle East, and Africa) region.

Having worked for the National Cyber and Information Security Agency, how has your experience there influenced your approach to cyber threat intelligence in the private sector?

MR: Working at the National Cyber and Information Security Agency has taught me to always be mindful of our customer’s mindset. In the Agency, our audience was wide-ranging, including the Prime Minister, cybersecurity practitioners, and the general public. We consistently tailored information to meet their specific needs and ensure its relevance to them. This remains crucial also in my current role at MSD, where I engage with a wide range of stakeholders on a daily basis.

As a board member of Women4Cyber Czechia, what initiatives or goals are you currently focused on? How does this role complement your work in cybersecurity?

MR: As a board member of Women4Cyber Czechia, I focus on promoting diversity in cybersecurity. Currently, my efforts are centered on facilitating the entry of more girls and women into the field. 

We have collaborated with the Office of the Government of the Czech Republic on the ‘IT Is for Girls!’ project, as the Czech Republic has one of the lowest ratios of women in IT within the EU. This initiative involves visiting elementary schools to inspire young girls and demonstrate that each of them can excel in the field.

Additionally, I have been providing mentorship to women, particularly those returning from maternity leave, to support their career transition and help them start in cybersecurity.

This month, we are planning a visit for Women4Cyber members at MSD to showcase the company’s operations and the opportunities it offers. From my experience, women entering the field might not be aware of all the career options out there, and the visit is designed to show them the range of opportunities different companies have to offer. 

What do you find most rewarding and most challenging about working in cyber threat intelligence, particularly at a pharmaceutical company?

MR: For me personally, it is the ever-increasing numbers of cyber attacks. The threats in the industry are growing not only in numbers but also in their sophistication. This puts a pressure on us as defenders and keeps us pushing to think of new ways to counter our adversaries.