Webinar Recap: Pharma’s Challenge to Understanding Threat Vectors

Sepio & CyLumena Discuss Current Cybersecurity Risks to Pharma, Life Science & Biotech

CyLumena and Sepio leaders sat down to discuss cybersecurity challenges faced by pharmaceutical, life sciences, and biotech companies, particularly in light of distributed workforces, the pandemic, and the race for a vaccine. We discuss how software and network security is not enough to have full visibility and protection across all assets and intellectual property.

This insight provides a sample of topics covered. You can watch the 30-minute conversation here [LINK] to webinar.

The Unique Cyber Needs of Pharma, Life Sciences & BioTech

CyLumena’s Director of Cyber, Chris Hart, is a former CISO of Life Technologies and CTO Cyber of Thermo Fisher. He spoke with Jay Smilyk, CRO of Sepio Systems , about the special circumstances that make cybersecurity critical in this industry.

The CIA triad includes confidentiality, integrity, and availability. These are paramount to the function and goals of pharma and life science organizations. This industry requires consistency across long pipelines, strict manufacturing requirements, and complex distribution channels.

From a CyLumena perspective, cybersecurity needs to be more than an internal service, but a business partner across GXP processes, manufacturing, labs, etc. And, because these organizations have a difficult job in protecting all layers of their network across IT, IoT, and OT, partnering early and throughout lowers risk and supports business and market objectives.

The Defense & Depth Model Isn’t Enough Now

The pandemic has accelerated a decentralized workforce trend in pharma and life sciences. However, #WFH caused many organizations to spin up employee expensed devices purchased and used outside typical channels. Soon, the industry will need to deal with distributed hardware that starts to come back to the organization.

The egg approach to security – a crisp outer shell of defense and a soft and flexible inside – breaks down with decentralized and mobile computing. Network visibility is critical in this scenario and many organizations are working now to ramp that up.

Cyber Adversaries & Threats Are Increasing…Evolving

May long-game adversaries are the same, including nation states who collect information over decades. They’re efforts have ramped up during the pandemic and the race for a vaccine. However, the barrier to entry is low for organized crime and individual hackers. They have access to the same tools as we do through underground services.

While threats like corporate espionage continue, criminals are using indirect methods to steal information or disrupt an organization. Insider threats from disgruntled employees who are recruited to steal information, hackevists who want to make a statement, and even purchasing hardware or equipment through open sources that have bad content, increase the threat vector minefield. Some go as far as recruit and place employees who bring in a USB drive or Raspberry Pi configured to grab information.

Today’s cyber criminals have a more focused blast ratio, conducting prevision attacks with specific targets. Reducing the threat landscape requires visibility across software, the network, and hardware. This is particularly true now that people may not be monitoring data centers in person as frequently.

CyLumena Partnered with Sepio to Drive Greater Visibility

Jay asked Chris why CyLumena chose to partner with Sepio Systems and offer hardware access control solutions like HAC 1.

Chris said that he has three tenets he assesses for every client:

1. What’s on their network?
2. How are things done? What processes do they have? How do they create products? What’s their go-to-market workflow?
3. What are their industrial adversaries?

He finds that CyLumena’s target customer – organizations $25M-$2B in annual sales – tend to struggle with knowing clearly and comprehensively what’s on their network. He looked into Sepio for over a year and found their solutions as a robust complement to the standard stack.

“Security is like brakes on your car.”

Chris illustrated this point with a story from ???. Brakes on your car aren’t really to help you stop. While their function is to slow you down, their purpose is to allow you to go fast.

The same is true for cybersecurity. Having the right restrictions, along with visibility into threats, allows your organization to gain speed and innovate. That’s exactly what pharma and life sciences want.

So much is spent on software and network cybersecurity, but visibility into hardware is particularly crucial for pharma and life sciences. Our goal is the reduce the threat landscape, which can’t be achieved without a crisp, complete and timely view into central and distributed hardware.