News, news analysis, and commentary on the latest trends in cybersecurity technology.
Big Pharma Finds Patch Management a Bitter Pill
One-quarter of pharmaceutical manufacturers received a failing grade on patch management, which is a vital step in heading off ransomware attacks.
"The 2021 Ransomware Risk Pulse: Pharmaceutical Manufacturing" report from Black Kite grades the performance of the top 200 companies from the Pharma 1000 on various aspects of security preparedness. Overall, the group got a B rating, indicating a decent level of preparedness to fend off ransomware, but there were holes in coverage.
Most companies rated well across most of the security postures, including awareness of attack surface (196 As, 4 Bs), fraudulent apps (185 As, 11 Bs, 4 Cs), and social media risks (189 As, 9 Bs, 1 C, and 1 F).
However, a quarter of the companies need to improve their patch management; 50 out of the 200 companies rated an F here, with another 8 earning a D. Other weak spots included content-delivery network (CDN) security (48 Ds, 2 Fs), credential management (8 Ds, 36 Fs), and application security (18 Ds, 22 Fs). In the area of information disclosure practices, 41 companies got Ds and 7 got Fs — a little alarming for medicine-adjacent companies.
But the biggest area for improvement is in SSL/TLS strength. While only 24 failed outright, another 81 squeaked by with a D grade — which means over half of the companies examined (105 of 200) got a D or lower when it comes to encrypting Internet communications.
Overall, the study offers some positive feedback, but even more importantly it points out where cybersecurity needs to improve. View the full pharmaceutical manufacturing sector report on Black Kite.
About the Author
You May Also Like
A Cyber Pros' Guide to Navigating Emerging Privacy Regulation
Dec 10, 2024Identifying the Cybersecurity Metrics that Actually Matter
Dec 11, 2024The Current State of AI Adoption in Cybersecurity, Including its Opportunities
Dec 12, 2024Cybersecurity Day: How to Automate Security Analytics with AI and ML
Dec 17, 2024The Dirt on ROT Data
Dec 18, 2024