Big Pharma Finds Patch Management a Bitter Pill

"The 2021 Ransomware Risk Pulse: Pharmaceutical Manufacturing" report from Black Kite grades the performance of the top 200 companies from the Pharma 1000 on various aspects of security preparedness. Overall, the group got a B rating, indicating a decent level of preparedness to fend off ransomware, but there were holes in coverage.

Most companies rated well across most of the security postures, including awareness of attack surface (196 As, 4 Bs), fraudulent apps (185 As, 11 Bs, 4 Cs), and social media risks (189 As, 9 Bs, 1 C, and 1 F).

However, a quarter of the companies need to improve their patch management; 50 out of the 200 companies rated an F here, with another 8 earning a D. Other weak spots included content-delivery network (CDN) security (48 Ds, 2 Fs), credential management (8 Ds, 36 Fs), and application security (18 Ds, 22 Fs). In the area of information disclosure practices, 41 companies got Ds and 7 got Fs — a little alarming for medicine-adjacent companies.

But the biggest area for improvement is in SSL/TLS strength. While only 24 failed outright, another 81 squeaked by with a D grade — which means over half of the companies examined (105 of 200) got a D or lower when it comes to encrypting Internet communications.

Overall, the study offers some positive feedback, but even more importantly it points out where cybersecurity needs to improve. View the full pharmaceutical manufacturing sector report on Black Kite.