Reposify released its Pharmaceutical Industry Attack Surface Exposures Report examining the security posture of the world’s leading pharmaceutical companies. The report analyzed eighteen leading pharmaceutical companies and their nine hundred plus subsidiaries worldwide to assess the prevalence of exposures of services, sensitive platforms, unpatched CVEs and other security issues. Among key insights were some troubling numbers:
- 92% of pharmaceutical companies had at least one exposed database with potential data leakage.
- 46% of pharmaceutical companies had an exposed SMB service. SMB exposures were previously exploited in other infamous attacks, like WannaCry, NotPetya and Nachi and Blaster worms.
- In 70% of pharmaceutical M&A deals in 2020 that were analyzed, the newly acquired subsidiary had a negative impact on the security posture of the parent company – adding tens, in some cases, hundreds of sensitive exposed and unpatched services.
“The pharmaceutical sector is one of the largest contributors to the global economy and human welfare,” said Uzi Krieger, CEO of Reposify. “But pharmaceutical companies are struggling to protect their distributed network perimeter from increased cyber-attacks coming from well-funded and well-organized hacking groups on the hunt to steal and hold valuable, confidential data for ransom or other nefarious acts. COVID-19 is still ravaging parts of the world, variants are spiking, and the safety of clinical research, manufacturing and supply chains have never been so important to humanity, and yet, pharmaceutical companies remain ill prepared and unsecured, spiraling the industry into red level vulnerability to external attacks. “
Analyst Notes
All organizations who have databases are highly recommended to employ a penetration service, such as our sister company Trustedsec, who can search for and attempt to ethically breach systems so that they can find security weak points and provide detailed reports about the security systems. If they find any unsecured databases, they will be identified so the company can secure them properly.
Source Article: https://www.helpnetsecurity.com/2021/08/03/pharmaceutical-companies-exposed-database/
