Page 44 - Cyber Defense eMagazine September 2022
Unfortunately, with the evolving threat landscape, many manufacturing organizations within the Life
Sciences sector have been subjected to cyberattacks, including ransomware. These incidents can have
major consequences and business impact.
In late 2020, Fareva, a pharmaceutical manufacturer headquartered in Luxembourg, announced that it
was the victim of a cyberattack that caused its operations to come to a halt. While it is unknown how long
it took the organization to restore operations, this incident had an adverse effect on its manufacturing and
supply to consumers.
And let’s not forget the NotPetya attack on Merck in 2017, which reportedly resulted in $1.4B in losses
for the company.
What’s at stake
Downtime from a cyberattack is costly and unproductive. However, it’s not only a financial or intellectual
property impact, but also a community impact. Trillions of products (including medicines and vaccines)
are delivered to hospitals and the global market annually to support our loved ones – moms, dads, sons,
daughters and so on. When you think about the broad consumption of these products, our daily lives
depend on the mission of Life Science companies to ensure supply reliability and product quality.
These manufacturing operations are essential to our economy. Sadly, many threat actors are motivated
to carry out cyberattacks for various reasons – financial gains, espionage or competitive advantages –
because they understand what’s at stake and how vulnerable many Life Sciences manufacturing facilities
are to sophisticated threats and modern-day tactics and techniques.
Steps to mitigate risk
Fortunately, several steps can be taken to mitigate the risk of cyberattacks and improve your overall
cybersecurity posture. The following are some recommended action areas, based on recurring exposures
seen in Life Sciences cybersecurity assessments. As you read through the questions below, reflect on
your organization’s current practices and where you may be in the maturity of your cybersecurity journey.
• How are you bringing together IT and OT stakeholders? – You must share domain knowledge
and experience from both worlds to evaluate and mitigate risk. Use a Cybersecurity Framework
such as NIST to identify gaps in your IT/OT security posture using a cross-functional team (IT
Staff, Security SMEs, Control Engineers, and third-party trusted partners). Use this framework to
develop or maintain a unified strategy that addresses the converged IT and OT environments.
• How are you prioritizing security gaps? – You must be efficient with risk reduction decisions to
get the greatest return on risk avoidance investments. Use a risk-based approach to prioritize
those gaps and develop a strategic roadmap for closing the gaps based on criticality levels or the
asset owner’s risk tolerance. Not all ICS vulnerabilities share the same risk level; align on risk.