By John Allen, strategic pharma consultant, Radiflow
It’s hard to read the headlines these days without learning of a new data breach or cyber-attack. These attacks can put sensitive personal information at risk, expose trade secrets, cripple organisations financially and leave them with a mar on their reputation. Unfortunately, the frequency and sophistication of cyber-attacks has increased in recent years. According to Check Point Research, between 2020 and 2021, attack attempts on corporate networks around the world rose by 50%. These threats have had a direct impact on organisations of all types and have forced them to put greater emphasis on cybersecurity efforts.
Like all sectors, the pharmaceutical industry continues to be plagued by these issues. Merck’s NotPetya attack in 2017, which resulted in $1.4B in losses for the company, was a prominent example of the havoc that such attacks can wreak, but the issues extend far beyond that. In recent years, the industry has seen a troubling increase in attacks, both on IT and Operational Technology (OT), specifically industrial automation and control systems that are often utilised in R&D, manufacturing and warehouses. While historically IT has been the focus of cyber threats, attacks on OT systems are rising and the devastating effects they can have means OT security demands immediate attention.
Understanding the Challenge
The OT ecosystem faces a few key challenges when it comes to cybersecurity. First, OT environments tend to be somewhat fragmented, with system and machine operation often spread across numerous factories, warehouses and R&D facilities. This fragmentation, combined with digital ambitions requiring more OT to be connected to networks, creates an increase in the attack surface and thus increasing vulnerability.
Another issue is that OT systems have not traditionally placed cybersecurity in a leading role. While IT operators prioritise cybersecurity, followed by system availability and safety, the OT approach flips that on its head, prioritising safety and uptime with cybersecurity following behind. This is likely due in part to the fact that OT systems are maintained by engineers and lab technicians who are responsible for ensuring the functionality and safety of the systems, not cybersecurity professionals, who are more focused on the issue of cyber threats. However, in today’s environment, with the threat of potentially debilitating cyber-attacks ever growing, this approach must be reassessed with consideration to an OT Cybersecurity Operating model being defined and implemented. OT cybersecurity must be more of a priority for pharmaceuticals if they hope to avoid cyber threats that could impact everything from their operational efficiency to their bottom line to their customers’ safety.
It may be counterintuitive to think that a laser focus on safety within labs and manufacturing sites could be detrimental to a company’s overall health, as well as the health of its customers and end users. Of course, employee safety as well as system availability, are critically important issues that are integral to the overall success of any corporation, within the pharmaceutical world and beyond. However, OT security plans that fail to give sufficient attention to possible cyber threats are ignoring the current climate and potentially setting their organisations up for disaster.
If a breach or downtime of critical systems in laboratories or manufacturing facilities does occur, the results could be devastating, as the production of critical medicines and medical equipment is delayed and slowed down from reaching those who need them. To effectively combat today’s ever-present cyber threats, OT system operators must have the tools to conduct constant discovery and monitoring across the entire OT network and be able to effectively prioritise risk and take quick action where needed to secure the ecosystem.
For OT system operators in pharmaceuticals, success in fighting cyber risks starts with having a holistic view of the OT network and being able to see all assets clearly. Effective network management requires complete, uninterrupted visibility into all its components and topology so that issues or anomalies can be spotted quickly, no matter where they occur. Should an issue be detected, it’s then critical that operators have the tools to identify what and who is threatening the network. This will help them gain a firm grasp of the severity of the risk, if or how far the network has been compromised, and the potential impact of a breach. All this information is necessary to properly assess the issue and accurately prioritise it.
Prioritise and Act
Most organisations lack the manpower and funding to give every possible risk equal time and attention. The ability to prioritise threats that pose the most risk to the company as a whole is critical. This enables businesses to optimise their cybersecurity expenditure and increase the ROI of the entire cybersecurity operation. In addition to being able to confront the immediate threat, complete insight into the network and the ability to effectively identify the biggest risks helps operators proactively address potential network vulnerabilities and provides important decision-making resources for future budgeting, risk reduction planning and closing compliance gaps.
Of course, when a possible threat is detected, it’s critical that OT operators in pharmaceuticals have the tools to act immediately. In these situations, running multiple “what-if” scenarios can help operators make intelligent, informed decisions that optimise cybersecurity ROI and effectively prioritise risk mitigation to fit an organisation’s specific needs. Once a plan is chosen, clear tracking and reporting with accurate, near real-time updates help OT teams work to address the risk, better understand progress, and know when the issue has been contained.
Unfortunately, the cyber threat landscape continues to evolve and mature, with attacks increasing in sophistication and frequency. While the focus in OT has traditionally been around safety, quality and performance, OT operators must now reassess their thinking and make cybersecurity (“Cyber Safety”) a top priority if they hope to keep their organisations safe in today’s challenging environment. This means having the tools, processes and resources to enable continuous, real-time monitoring of activity across the entire OT network, the ability to quickly identify any anomalies that might be indicative of a breach, and crucially, the power to act on them swiftly. The traditional approach to OT is no longer viable in today’s world. Pharmaceutical organisations must recognise that and act now to protect themselves against growing risk and ensure a safe and secure future.