News, news analysis, and commentary on the latest trends in cybersecurity technology.

Big Pharma Finds Patch Management a Bitter Pill

One-quarter of pharmaceutical manufacturers received a failing grade on patch management, which is a vital step in heading off ransomware attacks.

Dark Reading Staff, Dark Reading

February 3, 2022

1 Min Read
A heatmap showing how pharmaceutical companies ranked across 19 categories of cybersecurity
Source: Black Kite

"The 2021 Ransomware Risk Pulse: Pharmaceutical Manufacturing" report from Black Kite grades the performance of the top 200 companies from the Pharma 1000 on various aspects of security preparedness. Overall, the group got a B rating, indicating a decent level of preparedness to fend off ransomware, but there were holes in coverage.

Most companies rated well across most of the security postures, including awareness of attack surface (196 As, 4 Bs), fraudulent apps (185 As, 11 Bs, 4 Cs), and social media risks (189 As, 9 Bs, 1 C, and 1 F).

However, a quarter of the companies need to improve their patch management; 50 out of the 200 companies rated an F here, with another 8 earning a D. Other weak spots included content-delivery network (CDN) security (48 Ds, 2 Fs), credential management (8 Ds, 36 Fs), and application security (18 Ds, 22 Fs). In the area of information disclosure practices, 41 companies got Ds and 7 got Fs — a little alarming for medicine-adjacent companies.

But the biggest area for improvement is in SSL/TLS strength. While only 24 failed outright, another 81 squeaked by with a D grade — which means over half of the companies examined (105 of 200) got a D or lower when it comes to encrypting Internet communications.

Overall, the study offers some positive feedback, but even more importantly it points out where cybersecurity needs to improve. View the full pharmaceutical manufacturing sector report on Black Kite.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights