SECURING THE PHARMA MANUFACTURING SUPPLY CHAIN

Cyber Criminals Are Knocking at Your Backdoor

As a Pharma Manufacturer, did you know your supply chain could significantly increase your organization’s risk for cyber-attack?  The “new normal” has forced Pharma manufacturing to adopt innovative, digitalized processes and communications.  But your third-party intermediary exchange could be the backdoor providing cybercriminals access to your manufacturing network.

On-demand manufacturing processes rely on cloud-based, real-time interaction with suppliers, storage facilities, and transportation.  Today’s highly sophisticated cybercriminals know hot exploit even the smallest chink in your armor to achieve their desired outcome.  Cloud technologies supporting your manufacturing supply chain could be the weakest link that bad actors seek.

Connecting your system to third-party vendors through the Iiot (Industrial Internet of Things) exposes your manufacturing network along with all partners in your supply chain.

During the pandemic, the largest owner and operator of temperature-controlled warehouses that provide specialized storage of vaccines experienced a ransomware attack.  And cyberattacks on shipping and logistics firms tripled between 2019 and 2020.  Poorly managed multi-vendor identities and permissions within the cloud environment can open your network to cyber-attack vulnerability.

So, how can you mitigate risk against supply chain attack?  

Install a modern NextGen Firewall (NGFW) to detect and prevent most attacks.  The key, however, is to properly configure your NGFW.  JSCM’s tech team has found that most firewalls, even NGFWs, are not adequately configured to detect threats from internal and external sources.

Adopt a Zero-Trust Network Architecture (ZTNA) to allow only necessary user access.  A smaller footprint minimizes capability of attackers gaining a foothold within your network.  In a recent ransomware-based attack, JSCM’s critical incident response team determined that the attacker accessed the client network through a third-party vendor.  Had ZTNA been deployed, the attack would have simply been an annoyance rather than the resulting million-dollar complete network rebuild.

Periodically perform a cyber and risk assessment of your cloud providers utilizing widely accepted and adopted standards such as the NIST 800-171.  Knowing your exposure and potential data infiltration points will allow you to better plan and prepare for the inevitable outage caused by an attack.  Further, you avoid being liable for an IP, PII, or HIPAA violation because of an attack originating at a third-party or supply chain vendor.

Create a log trail with Identify and Access Management (IAM) protocols.  A proper log trail is the first step in determining the source of an attack.  In JSCM’s experience, most organizations do not have proper IAM controls in place.

Review your cyber security coverage.  A robust data protection and cyber security policy will help defray costs of detecting and correcting a breach.  Time is money, especially downtime during recovery.  Be sure you’re covered in the event of an attack.

Pharma is one of the largest and most profitable industries in the world.  As a Pharma Manufacturer, regardless of where the cyber attacker penetrates your supply chain, you ultimately bear the legal responsibility.  For more information about how to safeguard your network and reduce vulnerability, contact JSCM Group today at JSCMGroup.com or 704.464.4468.