Skip to content
NGTEdu Logo

NGTEdu

A PRODUCT OF NGTECH.CO.IN

NGTEdu Logo

NGTEdu

  • Home
  • Cyber Attacks
  • Malware
  • Vulnerabilities
  • Data Breach
  • Home
  • Cyber Attacks
  • Just What The Cyber Doctors Ordered – OT For Pharmaceutical Companies
  • Critical Vulnerability
  • Cyber Attacks
  • Data Breach
  • Malware

Just What The Cyber Doctors Ordered – OT For Pharmaceutical Companies

5 years ago Bob Covello
Just What The Cyber Doctors Ordered – OT For Pharmaceutical Companies

Several digital attacks against pharmaceutical companies have made news in the past few years. Back in 2017, for instance, Merck fell victim to NotPetya. The wiper malware spread to the pharmaceutical giant’s headquarters, rendered years of research inaccessible, affected various production facilities and caused $1.3 billion in damages, according to Bloomberg News. A couple of years later, European Pharmaceutical Review reported that Swiss multinational healthcare company Roche had suffered an attack at the hands of the Winnti malware group—just one year after Bayer confirmed an incident concerning the same attackers.

Attacks in the pharmaceutical industry haven’t slowed down since then. According to Help Net Security, organizations in the pharmaceutical and biotech sectors witnessed a 50% increase in digital attacks between 2019 and 2020. It appears that at least part of those attacks originated from nation-state actors who specifically sought to steal COVID-19 vaccine research. Beyond that aim, SCADAfence noted that nation-state actors commonly target organizations in those two sectors to steal intellectual property and gain a technological or commercial advantage for companies in their own countries.

There are lots of factors behind these attacks. One of the main ones is the ongoing convergence between Information Technology (IT) and Operational Technology (OT). Pharmaceutical organizations are turning to sensors and other IT devices as a means of optimizing their manufacturing processes. In doing so, however, they’re exposing their aging OT assets that weren’t designed with security in mind to the Internet—and, by extension, to digital attackers who would wish to tamper with their OT environments.

16 Sectors That Impact Us All

The IT-OT convergence doesn’t pose security challenges to only pharmaceutical organizations. After all, the pharmaceutical sector is just one of over a dozen industries where we find critical infrastructure.

When we look at critical infrastructure, the 16 sectors touch just about every aspect of our lives. In the past, attacks on critical infrastructure were very small and localized. For example, bank robbers would affect a single entity within the financial services sector, and the government would respond by building regulations to address these types of disruptions.

But with the introduction of networks and broad interconnections, attacks against critical infrastructure are much more threatening nowadays. As mentioned above, research facilities have been the targets of attacks as malicious actors have attempted to steal valuable research data pertaining to a COVID-19 vaccine. Once vaccines were developed, new attacks targeted the vaccine supply chain. This all points to reasons why pharmaceutical companies need to pay strict attention to cybersecurity.

In response to these threats, ISA Cybersecurity wrote that pharmaceutical companies should consider investing in a security awareness training program. Organizations can use those kinds of programs to educate their entire workforce about threats confronting the pharmaceutical sector, thereby helping to build a positive security culture. It’s also important that organizations classify their data so that they can implement proper data security controls and formulate an effective backup strategy as well as enact other security measures to help prevent malicious actors from moving laterally throughout the network.

These recommendations raise an important question: how can pharmaceutical organizations go about setting up these security controls if many of them don’t even know where to start?

A Good Luck Moment

OT security is often a long-term, strategic initiative. One such respected guidance that has been in use for many years is the Center for Internet Security (CIS) Critical Controls. I recall a story of a cybersecurity professional who was seen carrying a printed copy of the CIS Controls document on an airplane. Seeing this, a fellow passenger said, “Good luck.”

The reality is that many organizations have tried to manually incorporate the CIS Critical Controls into their environment and have realized that luck is not going to help them achieve that goal. Fortunately, Tripwire’s white paper, “Cybersecurity for Pharmaceutical Companies,” offers advice about how to protect the pharmaceutical industry from an Operational Technology (OT) perspective. It discusses how Tripwire’s full collection of products can help not only a pharmaceutical company but any organization that desires to bolster its OT security.

When we think of all the sectors of critical infrastructure that are tied to the simple concept of a pharmaceutical product, the overlap shows why each sector functions towards mutual support of other sectors. Pharmaceuticals are strongly tied to the chemical sector, which is also tied to the transportation and financial industries, which are also connected to commercial facilities and communications sectors. I think you get the point.

Tripwire Helps Pharmaceutical Companies

Tripwire offers foundational controls for a solid cybersecurity strategy to preempt cyber-attacks on IP-based systems. Whether it is a database of clinical trial data, drug formulas or a pharmaceutical industrial control system, Tripwire offers an assortment of security products to protect your critical systems.

To learn more, download your copy of Tripwire’s white paper today.

The post ” Just What The Cyber Doctors Ordered – OT For Pharmaceutical Companies” appeared first on TripWire

Source:TripWire – Bob Covello

Tags: Coronavirus, COVID-19, Critical Severity, Finance, Goverment, TripWire

Continue Reading

Previous Mozilla Fixes Firefox Flaw That Allowed Spoofing of HTTPS Browser Padlock
Next What in the World Is a CISO?

More Stories

  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

Iran-Linked RedKitten Cyber Campaign Targets Human Rights NGOs and Activists

1 day ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

Mandiant Finds ShinyHunters-Style Vishing Attacks Stealing MFA to Breach SaaS Platforms

1 day ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach
  • Malware

CERT Polska Details Coordinated Cyber Attacks on 30+ Wind and Solar Farms

1 day ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

Researchers Uncover Chrome Extensions Abusing Affiliate Links and Stealing ChatGPT Access

2 days ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

China-Linked UAT-8099 Targets IIS Servers in Asia with BadIIS SEO Malware

2 days ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach
  • Malware

Ex-Google Engineer Convicted for Stealing 2,000 AI Trade Secrets for China Startup

2 days ago [email protected] (The Hacker News)

Recent Posts

  • Iran-Linked RedKitten Cyber Campaign Targets Human Rights NGOs and Activists
  • Mandiant Finds ShinyHunters-Style Vishing Attacks Stealing MFA to Breach SaaS Platforms
  • CERT Polska Details Coordinated Cyber Attacks on 30+ Wind and Solar Farms
  • Researchers Uncover Chrome Extensions Abusing Affiliate Links and Stealing ChatGPT Access
  • China-Linked UAT-8099 Targets IIS Servers in Asia with BadIIS SEO Malware

Tags

Android APT Bug CERT Cloud Compliance Coronavirus COVID-19 Critical Severity Encryption Exploit Facebook Finance Google Google Chrome Goverment Hacker Hacker News High Severity Instagram iPhone Java Linux Low Severity Malware Medium Severity Microsoft Moderate Severity Mozzila Firefox Oracle Patch Tuesday Phishing Privacy QuickHeal Ransomware RAT Sim The Hacker News Threatpost TikTok TripWire VMWARE Vulnerability Whatsapp Zoom
Copyright © 2020 All rights reserved | NGTEdu.com
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Read More here.Cookie settingsACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT