India’s pharma firms need strong cyber defenses, says cybersecurity expert

Indian pharmaceutical companies are witnessing a concerning surge in ransomware attacks. Sun Pharmaceutical Industries, the largest Indian pharma company, and others like Lupin, IPCA Laboratories, and Aarti Drugs have all experienced these attacks in previous years. This growing trend emphasises the urgent need for these companies to strengthen their preparedness against evolving cyber threats. In an exclusive interview with BT, Dick Bussiere, Technical Director at Tenable, a US-based cybersecurity company, shared his insights on combating cyberattacks, the role of exposure management in cybersecurity, and the way forward. Edited excerpts:

BT: Do Indian pharmaceutical organisations need a new approach to cybersecurity, given their perpetual vulnerability to cyberattacks?

DB: Cybercriminals often exploit data breaches resulting from unpatched vulnerabilities and fundamental misconfigurations. Pharmaceutical organisations’ production networks face a critical challenge due to a lack of visibility into vulnerable assets. For instance, drug manufacturers may mistakenly assume that their operational technology (OT) systems are air-gapped, when in reality, IT and OT are increasingly interconnected. This lack of understanding poses risks to critical assets. Operational technology environments require a distinct vulnerability management strategy compared to IT environments. Therefore, the pharmaceutical sector needs a new security approach that prioritises assets based on contextual understanding and provides insights into which assets should be protected first and why.

BT: How can pharmaceutical organisations overcome the challenge of network monitoring in OT environments and continuously assess their surroundings?

DB: Achieving operational security necessitates a complete inventory of assets within OT environments. Organisations cannot protect assets they are unaware of, yet comprehensive asset inventory is hindered by the belief that actively injecting traffic into an OT network is dangerous. However, most OT security teams still rely on manual techniques and spreadsheets, lacking a reliable method to verify inventory accuracy. To obtain real-time, accurate inventory, the pharma sector can adopt the practice of querying the infrastructure. This addresses two fundamental problems: providing visibility into sections of the network not passively monitored and enabling security teams to understand the state and level of risk for each device.

Querying ensures that assets, which would otherwise remain undiscovered, are identified when they respond to identification requests. Security teams can also address issues such as vulnerability management, configuration management, and the detection of unauthorized code changes. Ultimately, querying significantly reduces deployment costs and complexity while enabling continuous monitoring of the attack surface.

BT: How can organisations in the pharmaceutical industry ensure the protection of their most critical assets, considering the importance of intellectual property?

DB: The pharma industry is among the most targeted sectors by threat actors, and cybersecurity remains a growing challenge. The root of this problem lies in the lack of visibility and control in ICS networks used in pharma manufacturing. Despite operating in a highly regulated environment, these networks often lack basic controls necessary for maintaining security. For example, control devices such as PLCs and RTUs commonly lack authentication, use default passwords, and fail to encrypt communication, making it impossible to prevent unauthorized changes. Pharma organisations can benefit significantly by gaining visibility into their entire environment, creating an asset inventory that includes “unknown unknowns,” and understanding how these assets interact with each other. Visibility and contextual understanding enable early detection of incidents caused by cyberattacks or human error, allowing problems to be addressed before they cause disruptions.

BT: How can exposure management benefit the pharmaceutical industry?

DB: Securing the modern attack surface requires a comprehensive understanding of all relevant conditions in complex environments. Focusing solely on software vulnerabilities does not provide a complete picture of cyber risk. The attack surface cannot be viewed in isolation. Pharma companies need to consider vulnerabilities, misconfigurations, identity access management issues, cloud security, and more, with context in mind. It is essential to view all software vulnerabilities, misconfigurations, user system interactions, and access levels correlated together, whether they occur on a laptop, application, or programmable logic controller (PLC).

Exposure management brings together technologies such as vulnerability management, web application security, cloud security, identity security, attack path analysis, and external attack surface management. This comprehensive approach enables organisations to understand the breadth and depth of their exposures and take actions to reduce them through remediation and incident response.

BT: How can pharmaceutical organisations strengthen their security posture and make it more challenging for adversaries to carry out attacks?

DB: Pharmaceutical companies can enhance their security posture by adopting exposure management, which comprehensively assesses the entire threat surface. The effectiveness of exposure management solutions relies on integrating data from various tools to ensure comprehensive analysis of the entire organisational environment. Given the vast attack surface and the multitude of security alerts faced daily, clear and concise prioritisation is crucial for impactful reduction of cyber risk. Traditional vulnerability management often focuses on patching known vulnerabilities without prioritising the most critical ones. Exposure management enables prioritisation based on the specific impact on the organisation. For instance, if multiple laptops within the organisation have the same vulnerability, exposure management allows prioritising remediation for the laptop belonging to a user with access to sensitive customer data. This targeted approach enhances security posture more effectively than traditional vulnerability management.
