As organizations’ Operation Technology (OT) become increasingly digitized and integrated with IT networks, threats to these operations grow in tandem.
In the Pharma Life Sciences industry, an operational disruption can pose a significant risk not just for the company itself, but also for downstream consumers. Production of goods can be critical to supporting the healthcare system at large, and failures in this space may have a considerable adverse impact on hospitals, patients, and other market consumers. As such, it is imperative that the OT environments supporting production and distribution remain secure and resilient and adopt a proactive approach to managing the risks of increased cyber-attacks in this industry.
Integrating the OT and IT sides of the house can include benefits such as:
These perks come at a cost. This includes an expanded attack surface, new threat vectors, and increased scope of assets to monitor and manage. So how can a PLS manufacturer begin to maneuver the risks found in their OT environment? Let’s look at the top three areas that organizations need to grapple with to begin to reconcile their OT security programs.
1
2
3
Enhance Visibility: You can’t possibly mitigate risks if you don’t know where to look in the first place. It is vital to maximize visibility and control of the OT environment and to manage connections with the IT network. This includes advancing asset management capabilities to know what devices are on your network and monitoring the access to and activity of these assets. Enhancing asset intelligence enables:
Increasing awareness of the critical points in the network and overall visibility of the assets and activity in the operational environment can enable organizations to focus on building in security functions that provide resiliency when facing threats.
In the Pharma Life Sciences industry, organizations must take a proactive approach to managing risks associated with the converging IT/OT landscape. By ensuring robust governance over people, process, technology and data, and establishing a risk management process that aligns to the priorities of the OT environment, organizations can aim to lower the impact of failures and build resilient OT programs.
At KPMG, we can help our clients manage these risks through our industry experience across an array of OT cybersecurity issues including asset management, network monitoring, risk prioritization, and OT program governance.
KPMG professionals are passionate and objective about cyber security. We’re always thinking, sharing and debating. Because when it comes to cyber security, we’re in it together.
Read moreThe latest news and updates on how organizations can manage risk in today's environment.