doubt that this progress will continue to present opportunities to the sector and to society as a result. There are vulnerabilities that have been inadvertently created in the past, but by taking the right approach it is possible for companies not only to address those legacy vulnerabilities but also to position themselves best to safely exploit the opportunities in the future.
With so much data moving in and out of organisations, it is simply not feasible to completely protect every single record. IT security managers should instead prioritise the information assets that have the most value and focus efforts on keeping them safe, whether it relates to trials, manufacturing or sales. They need to review arrangements with all of their outsourced service providers and advisers such as JV partners, research centres, lawyers and accountants. Defences need to be reviewed before engagement, written into contracts and constantly checked.
Vendors’ and suppliers’ systems must receive similar levels of scrutiny, to ensure that they are resistant to infiltration, and that transactional data is deleted once it has served its purpose. By identifying potential attackers and threats, assessing the impact of a breach and establishing appropriate defences, the pharmaceutical and life sciences sector can begin to make life much harder for cyber criminals, and keep its most precious assets secure.
There are no easy solutions to the ever-present cyber threat. But by taking a determined and systematic approach, companies can take more control of the issue, giving them the confidence to pursue their own business ambitions.
Five basic steps towards greater cyber confidence that we recommend are:
1. Prioritise your information assets based on their value.
2. Think about who the external and internal threats to these assets could be – and how they might attack.
3. Develop a comprehensive monitoring strategy that will give visibility of the activity on an estate, in a similar way that CCTV and motion detectors do for physical security. This monitoring needs to be able to identify anomalous behaviour and enable investigators to quickly separate the malicious from the benign.
4. Put measures in place to ensure that third parties are not an open pathway allowing hackers to infiltrate your network.
5. Review, review, review your approach to information protection and security architecture – and update where necessary.
A NEW APPROACH TO CYBER SECURITY
www.kpmg.com/uk/cyber
To find out more, please contact:
Giles Watkins Partner, KPMG in the UK +44 (0)20 7694 8190
giles.watkins@kpmg.co.uk
Mark Thompson Senior Manager KPMG in the UK +44 (0)20 7694 4317
mark.thompson@kpmg.co.uk
© 2014 KPMG LLP, a UK limited liability partnership, and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.
CYBER SECURITY