CIS TOP 20 - An Effective Framework for Pharmaceuticals

Pharmaceuticals are organisations we trust to provide critical health care: medication for our community. There are thousands of pharmaceuticals across Australia. Our dependence on obtaining medications to cure disease, vaccinate, and alleviate symptoms makes them a core function within the Health system.

To obtain medication, strong personal health records are required before the medication can be released and distributed. Pharmaceuticals hold personal records to repeat dosages and promote ease of distribution in the event of an emergency. It is also important to note that creating medication requires constant research and development, which emphasises the importance of Intellectual Property.

Unfortunately, Cybercriminals target pharmaceuticals and health providers because of the important data they handle (e.g., personal data, financial data, Intellectual Property).

Here are the top risks that Pharmaceuticals face today from Cybercriminals:

  • Targeted Attacks - According to the Australian government's intelligence, Pharmaceuticals are on the list of organisations most highly targeted in attacks led by foreign government Cybercriminals.

  • Ransomware - Ransomware attacks have caused organisations worldwide to shut down. The U.S. healthcare and pharmaceutical industry experienced nearly 200 ransomware incidents that resulted in an estimated total cost of $157 million.

  • Phishing attacks - Cybercriminals are targeting small businesses because they view these as low-hanging fruit. According to AJP, 6.4 billion phishing emails are sent every day to find those targets. The health sector, including pharmacies, has become a target because health data can be worth three times as much on the dark web as bank data.

  • Third parties - Pharmaceuticals rely on suppliers' services to carry out day-to-day operations. If any critical supplier within their supply chain were to experience a serviceability issue or data breach, the organisation would be affected operationally, and its reputation would be damaged. COVID-19 made a strong business case for the supply chain's importance to Australian organisations' ongoing operations.

Understandably, it is not possible to lift every area of risk in a short period. We recommend following a prioritised approach by addressing the most effective and crucial controls that protect Pharmaceuticals against common Cyber threats.

The CIS Top 20 framework consists of a recommended set of actions that improve Cyber defence in specific and actionable ways to stop today's most pervasive and dangerous attacks. A principal benefit is that the Controls prioritise and focus on a smaller number of actions with high pay-off results. The Controls are adequate because they are derived from the most common attack patterns highlighted in the leading threat reports and vetted across a vast community of government and industry practitioners.

