EXECUTIVE SUMMARY:
In May of 2017, the life sciences industry contended with the WannaCry campaign, one of the most widespread and destructive cyber attacks in history. It rapidly propagated across networks, encrypting data and systems and leaving organizations crippled and desperate.
Some life sciences groups permanently lost intellectual property or data. Others were forced to halt production of certain drugs and vaccines. The combination of costly system downtime and ransom demands left a few enterprises financially insolvent.
Why life sciences? Cyber criminals perceive life sciences as an attractive target due to the intellectual property available on computer systems. Ninety-five percent of all cyber attacks in the life sciences sector center around intellectual property (IP).
For the life sciences sector, WannaCry served as a cyber security wake-up call. However, not every organization took adequate action, and the threat landscape has grown more perilous in the years since.
Here’s what to know about preventing and defending against cyberbiosecurity threats:
Addressing the challenge
First, know where the problems are. Conduct a thorough risk assessment – one that’s specific to your organization’s unique network environment. Identify critical assets, including intellectual property, research data and other proprietary information. Implement layered defenses to mitigate risks. These include firewalls, intrusion detection systems and endpoint detection systems.
But that alone isn’t enough. Be sure to train your employees effectively. Provide education around cyber threats, including social engineering. Develop a cyber security-conscious culture, where everyone understands the importance of safeguarding information. Provide regular supplemental training to address evolving threats.
Beyond that, ensure that your organization’s software developers use secure coding practices. Regularly patch and update software to address vulnerabilities.
Develop and test incident response (IR) plans that are specific to cyberbiosecurity incidents in the life sciences sector. As with any IR plan, establish communication channels, delegate roles and clarify responsibilities, all of which will hasten the response in the event of a breach. Practice tabletop exercises to simulate real-world scenarios.
Leverage threat intelligence and information sharing efforts. Participate in Information Sharing and Analysis Centers (ISACs) or working groups that are focused on cyberbiosecurity. This will enable your organization to learn from peers and to exchange tactics. Your organization may also wish to collaborate on joint prevention and defense initiatives.
Cyber and physical system integration
Another aspect of the cyberbiosecurity situation to consider is reliance on cyber-physical systems. These types of systems integrate cyber-based control mechanisms into physical infrastructure. Examples include building automation systems and certain types of data collection and analysis instruments.
To protect these systems, ensure that your organization limits physical access to critical infrastructure and the toggles that control infrastructure functions. In addition, consider installing surveillance cameras and monitoring access points.
Further, ahead of acquiring new cyber-physical technology, assess the security practices of the vendors who are providing the equipment. Ensure that vendors follow cyber security best practices.
More recommendations for CISOs
Have you completed all of the aforementioned recommendations? Great work! Take the next step: thoroughly test for vulnerabilities. Based on the results of the testing, devise and implement a remediation strategy. This will significantly minimize cyber risk.
Closing thoughts
The life sciences community has an opportunity (and perhaps, an obligation) to lead when it comes to securing digital resources. Investing in cyberbiosecurity ensures the secure future of scientific research, life-saving vaccines, and life-changing pharmaceutical treatments.