1. How have recent shifts in the cyber threat landscape been affecting critical infrastructure?
The Internet of Things and the security risk to critical infrastructures…
While personal networks are a significant concern, the growth of the Internet of Things (IoT) has exposed devices to cyberattacks that a few years ago would never have been included in most threat landscape models.
A successful large-scale attack by either a sole individual or nation-state could also potentially damage food supplies. In some countries, food supply has been identified as a part of the critical infrastructure.
2. What are your main security concerns and what are you prioritising at the moment?
Data breaches, malware infections and malicious insiders are our main security concerns.
You need to identify and prioritize information security risks so you can wisely allocate resources to improve IT security. You can choose either a qualitative or a quantitative approach:
- Qualitative methods assess risk based on non-numeric categories or levels (e.g., low, moderate and high)
- Quantitative techniques involve assigning numeric values to risk likelihood and monetary loss based on a matrix
3. What are the 3 main challenges that cyber leaders in APAC are facing at the moment?
(1) In some APAC countries, 4G has only just been rolled out, so it will be some time still before 5G networks hit critical mass. According to forecasts by GSMA, 4G will still account for 68% of global mobile users by 2025 in this region.
If existing security risks are not dealt with and roll over, mobile ISPs could be the first point of failure during a cyberattack, and vulnerabilities, such as unsecured IoT systems, could be amplified exponentially under 5G if not addressed at 4G.
(2) The demand for cybersecurity will continue outstripping the supply
(3) Security can come as an afterthought in product development. Some connected devices continue to be shipped out with no viable means of receiving software updates and security patches, leading to common vulnerabilities that can be exploited easily.
4. What is your advice for companies looking to baseline and start their OT security journey?
Prepare inventory of IT and OT assets in your organisation.
Use an established assessment framework to prepare a baseline for OT security.
Examples of industry recognized frameworks are standards from the National Institute for Science and Technology (NIST), and ISA/IEC 62443.
5. Looking at the protection of critical infrastructures in APAC, in which area do you think collaboration between states at a regional level is the most mature? And where is it needed the most?
All governments in the APAC region are increasing efforts to secure critical infrastructure by adopting internationally recognized cyber security standards.
It is important for every organisation to build a program based on people, process and technology. Increased collaboration among nations is required to provide greater resiliencies in protection of critical infrastructures in APAC region.
6. What have been the biggest challenges around COVID-19 for your organisation? And, how did you address them?
The COVID-19 pandemic increased health cybersecurity concerns
Industries that did not traditionally work from home but are now doing so in greater numbers include workers in the healthcare field.
For example, telehealth allows medical health providers to deliver critical services remotely. Without a proper security framework, clients’ sensitive healthcare records, live health screenings and personally identifiable information (PII) have the potential to be compromised.
In our organisation we had to identify users who did not have laptops with them and arrange for them. We also had to secure devices remotely, update security patches at endpoints as well as use VPNs for remote access.
We had to configure additional rules around remote access to ensure continuity of operations during the COVID pandemic.
7. What impact are these challenges having on your cyber security strategy?
New cybersecurity approaches are needed today, including adopting a preventive approach to security and increasing levels of security automation
8. What do the next 5 years hold for your industry?
Pharma companies collect large amounts of data and typically have access to sensitive information, including PHI, drug patents, and data related to pharmaceutical technologies. This means that a breach in an organization’s network can have serious consequences such as stolen intellectual property and clinical trial data, reputational damage, lost revenue, and even litigation.
Cyber security threats for the pharmaceutical industry include :
· Ransomware
· Phishing attacks
· Internet of things
· Disgruntled employees
All pharmaceutical companies need to have robust yet flexible cybersecurity protocols in place to protect themselves against the threat of cybersecurity attacks. This requires having an overall operating model, well-defined roles and responsibilities, stringent SLAs, dealing with third-party integration, monitoring threats, communicating vulnerabilities effectively, and ensuring that cybersecurity remains a top security priority. Cyber awareness training should be carried out for all employees at regular intervals.
Connect with Dr. Vinay and learn more about Critical Infrastructure Cyber Resilience Beyond Covid-19 as part of a live panel discussion alongside cyber security experts from Reliance Industries, International SOS & Horizon Power at the upcoming #CS4CA APAC Summit.
Find out more and secure your place at the CS4CA APAC online summit on 27th – 28th January, for FREE using the complimentary discount code: NOVARTIS.
Book now at: apac.cs4ca.com/register/
*Offer is valid for end-users only. No vendors or consultants.
