Present Blog – IT Thought Leadership

Whether it's for an over-the-counter pain reliever, a cutting-edge cancer drug or now the Covid-19 vaccine, the world's population depends on at least one product made by the pharmaceutical industry.

 

 

 

As you can probably imagine, the pharmaceutical sector is a prime target for cyber attacks.

And there are plenty of reasons. First, the pharmaceutical industry is the third largest industry, after the finance and electronic commerce sectors. Second, the data held by pharmaceutical companies, including patented drug records, pharmaceutical developments and technology data, is all very valuable information.

And we've already seen ransomware attacks that have successfully shut down entire manufacturing supply chains.

What would happen if such an attack took a COVID-19 vaccine production line hostage or stopped the production of chemotherapy drugs?

 

It is easy to understand, then, why the pharmaceutical industry is subject to very strict regulatory compliance obligations aimed at ensuring the confidentiality, integrity and availability of data.

And just like other private or public business sectors, the pharmaceutical industry is now turning to the Zero Trust security approach that focuses on users, assets and resources instead of just the traditional network perimeter. 

The Zero Trust approach is characterized by the following principles:

  • The network is always assumed to be hostile.
  • External and internal threats exist on the network at all times.
  • Network locality alone is not sufficient for deciding trust in a network.
  • All devices, users and network streams are authenticated and authorized.
  • Policies should be dynamic and calculated from as many data sources as possible.
  • Anomalies and malicious activity are continuously monitored, typically using a SIEM (Security Information and Event Management).

Which controls should be implemented in order of priority?

Based on the CIS Controls, here are the 6 best practices with the greatest impact, in order of priority.

The image below refers to CIS Controls V7.

[Image: screenshot, 2021-07-14 at 16.07.59]

 

In such an approach, a SIEM plays a decisive role both in the detection of anomalies and malicious activities and in the automated management of compliance.

The 6th control aims to collect, manage and analyze audit logs of events that could help detect, understand or recover from an attack.

[Image: screenshot, 2021-07-14 at 15.35.43]

 

Every user, device, or system on a network leaves behind a virtual trail of security information, known as log data.

A SIEM solution uses this log data to identify threats in real time, investigate breaches, and generate information about attacks and events.

It centrally collects, classifies, detects, correlates and analyzes this security information to make it easier for security teams to monitor and troubleshoot IT infrastructure in real time.
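As an added illustration of the collect, classify and correlate steps described above (not Present's or Perch's code), this Python example normalizes two constructed log sources into one schema and raises an alert when a successful login follows three or more failures for the same user and source address within five minutes. The log formats, field names, threshold and window are assumptions chosen for the example.

```python
import json
import re
from datetime import datetime, timedelta

# Constructed sample logs in two simplified formats (not real data).
SSHD_LOG = """\
2021-07-14T15:30:01Z bastion sshd: Failed password for alice from 203.0.113.7
2021-07-14T15:30:09Z bastion sshd: Failed password for alice from 203.0.113.7
2021-07-14T15:31:40Z bastion sshd: Accepted password for bob from 198.51.100.4
"""
APP_LOG = """\
{"ts": "2021-07-14T15:30:20Z", "event": "login_failure", "user": "alice", "src": "203.0.113.7"}
{"ts": "2021-07-14T15:30:45Z", "event": "login_success", "user": "alice", "src": "203.0.113.7"}
"""
SSHD_RE = re.compile(r"^(\S+) \S+ sshd: (Failed|Accepted) password for (\S+) from (\S+)$")

def _event(ts, user, src, ok, source):
    ts = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return {"ts": ts, "user": user, "src": src, "ok": ok, "source": source}

def normalize(sshd_text, app_text):
    """Collect both sources and classify every line into one common schema."""
    events = []
    for line in sshd_text.splitlines():
        m = SSHD_RE.match(line)
        if m:
            events.append(_event(m[1], m[3], m[4], m[2] == "Accepted", "sshd"))
    for line in app_text.splitlines():
        rec = json.loads(line)
        if rec.get("event") in ("login_failure", "login_success"):
            events.append(_event(rec["ts"], rec["user"], rec["src"],
                                 rec["event"] == "login_success", "app"))
    return sorted(events, key=lambda e: e["ts"])

def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Alert when a success follows >= threshold failures for one (user, src)."""
    pending, alerts = {}, []
    for e in events:
        key = (e["user"], e["src"])
        fails = [f for f in pending.pop(key, []) if e["ts"] - f["ts"] <= window]
        if not e["ok"]:
            pending[key] = fails + [e]
        elif len(fails) >= threshold:
            alerts.append({"user": e["user"], "src": e["src"], "at": e["ts"], "failures": len(fails),
                           "sources": sorted({f["source"] for f in fails} | {e["source"]})})
    return alerts

if __name__ == "__main__":
    print(correlate(normalize(SSHD_LOG, APP_LOG)))
```

Neither source reaches the threshold on its own (sshd records two failures, the application one); only the centrally correlated view produces the alert.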

A SIEM is a way to meet several requirements and to prove good faith to certification authorities, especially since a SIEM can generate highly customizable reports according to the requirements of different regulations, while saving valuable time.

This is all the more true with a solution such as Present's SIEM Perch, which is provided as a service to simplify and reduce the time of implementation, administration, maintenance and scaling.

This benefit alone is enough to convince organizations to use a SIEM.

 
