News, news analysis, and commentary on the latest trends in cybersecurity technology.
Big Pharma Finds Patch Management a Bitter Pill
One-quarter of pharmaceutical manufacturers received a failing grade on patch management, which is a vital step in heading off ransomware attacks.
"The 2021 Ransomware Risk Pulse: Pharmaceutical Manufacturing" report from Black Kite grades the performance of the top 200 companies from the Pharma 1000 on various aspects of security preparedness. Overall, the group got a B rating, indicating a decent level of preparedness to fend off ransomware, but there were holes in coverage.
Most companies rated well across most of the security postures, including awareness of attack surface (196 As, 4 Bs), fraudulent apps (185 As, 11 Bs, 4 Cs), and social media risks (189 As, 9 Bs, 1 C, and 1 F).
However, a quarter of the companies need to improve their patch management; 50 out of the 200 companies rated an F here, with another 8 earning a D. Other weak spots included content-delivery network (CDN) security (48 Ds, 2 Fs), credential management (8 Ds, 36 Fs), and application security (18 Ds, 22 Fs). In the area of information disclosure practices, 41 companies got Ds and 7 got Fs — a little alarming for medicine-adjacent companies.
But the biggest area for improvement is in SSL/TLS strength. While only 24 failed outright, another 81 squeaked by with a D grade — which means over half of the companies examined (105 of 200) got a D or lower when it comes to encrypting Internet communications.
Overall, the study offers some positive feedback, but even more importantly it points out where cybersecurity needs to improve. View the full pharmaceutical manufacturing sector report on Black Kite.
About the Author(s)
You May Also Like
Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024