Pharma cos require new cyber security approach ‘exposure management’ to look at software vulnerabilities
|
Shardul Nautiyal, Mumbai
June 30 , 2023
|
|
Pharma organizations require a new cyber security approach known as ‘exposure management’ to look at software vulnerabilities, misconfigurations, identity access management issues, cloud security and attack surface management, among others.
Exposure management prioritizes assets based on business context, enabling effective cyber risk management. To achieve this, organizations should embrace a proactive security stance, considering cyber security as a material financial risk and prioritizing the protection of their most critical assets.
In March 2023, Indian pharmaceutical giant, Sun Pharma witnessed a ransom ware attack that adversely affected its revenue. Sun Pharma had also announced that it is anticipating reduced revenue as the organization is taking measures to contain the incident. The cost of data breaches in this sector is huge.
On an average, a data breach can cost pharma organisations USD 5.01 million. The pharmaceutical industry's key components are based on innovation with comprehensive R&D investments, intellectual property, and patented data.
According to Dick Bussiere, technical director, Tenable, “Anytime any data or property is affected or exploited by an attack, it can result in devastating losses which can erode patient and consumer trust. Relentless attacks in this sector have made protecting data and IP, mitigating third-party and supply-chain risks, and securing the OT environment top concerns for organisations.”
Tenable is an exposure management company designed to help organizations gain visibility across modern attack surfaces and prevent cyber attacks while acutely communicating cyber risk to support optimal business performance.
“The modern attack surface is complex and constantly evolving. Understanding all of the conditions cannot be done in a vacuum. It requires looking at software vulnerabilities, misconfigurations, identity access management issues, cloud security, attack surface management and more with the right context. Context counts as it helps organizations gain full visibility into who is using what systems, the level of access they have and know which systems are most vulnerable, thereby prioritizing remediation efforts,” Bussiere explains.
Bussiere further adds that this is what exposure management entails and it can help pharma companies achieve a better security posture as it brings together risk-based vulnerability management, web application security, cloud security, identity security, attack path analysis and external attack surface management in one unified space. It ensures organizations reduce cyber exposure and build up defenses that are difficult to breach.
“To address this, organizations must cultivate an environment of open and vocal commitment, emphasizing that cyber risk is synonymous with business risk. It is the responsibility of chief information security officers (CISOs) to effectively communicate this message to leadership, ensuring that security policies permeate throughout the organization,” Bussiere further explains.
Given the dynamic and extensive nature of the attack surface, attaining complete security is an unrealistic goal. However, organizations can showcase their proactive approach by implementing preventive measures to minimize risks. This begins with promptly patching known vulnerabilities since even a minor security flaw can serve as an entry point for significant breaches or ransomware attacks when exploited by cybercriminals. It is also crucial to ensure that device configurations comply with industry-standard security so that devices are hardened by default. By prioritizing cyber hygiene fundamentals, organizations can significantly reduce their appeal to cybercriminals.
“CISOs and security teams should identify the relevance of cybersecurity to each employee. For example, account department personnel may not grasp the significance of patching 4,000 systems, but if security teams highlight critical vulnerabilities on a platform that generates significant revenue and protects assets worth millions of dollars, the accountants will instantly comprehend the importance of cyber security,” Bussiere further said.
|
|
|
|
|
TOPICS
|
That foods might provide therapeutic benefits is clearly not a new concept. ...
|
|
|
|