Image Credit: LabVantage Solutions, Inc.
Following the 1861 invention of the combination lock and a concurrent rise in the popularity of bank vaults, thieves developed a keen interest in explosives. Similarly, since the start of the digital age in the 1980s, cybertheft and cybercrime have rapidly increased.
As data storage and movement continually evolve, from the arrival of personal computers to the explosion of mobile computing and the emergence of the cloud, new ways of putting data at risk have developed.
Evaluating the necessary balance between moving from paper to digital and taking cybersecurity seriously is vital. There is no question about how valuable transferring to a digital platform can be: by both saving time and enhancing performance, adopting digital solutions yields huge benefits.
In manufacturing sectors and across scientific research, technology such as laboratory information management systems (LIMS) can produce great rewards. Yet reaping those benefits and rewards brings an increase in responsibility; it is essential to stay vigilant at every edge of your network.
Over time, banks have progressively enhanced their protection against thieves — switching from portable safes to interior vaults and phasing out combination locks in favor of sophisticated biometric protection.
Similarly, cybersecurity experts have frequently introduced new tactics to foil digital criminals. Any organization storing and moving data, including the lab, cannot afford to pass over security issues and must remain alert to incoming threats as they continue to evolve.
Big Data. Big Costs.
With a vast amount of data—of all kinds—stored and moving between the cloud, in-house servers, and corporate devices, security has become critically important.
At the same time, stealing that data, or preventing legitimate users from accessing it until a ransom is paid, has become a lucrative business for criminals, predatory activists, and so-called ‘state actors’ with ideological agendas.
How big? It is thought that the total cost of a data breach in the US has increased from an average of $3.5 million in 2006 to an average of $8.6 million in 2020.
According to CSO Online, a major cybersecurity news source, almost 40 percent of the total average cost of a data breach comes from lost business, including increased customer turnover, loss of revenue as a result of system downtime, and the increasing cost of new business acquisition due to damaged reputation.
Forbes reported that the research firm IDC discovered 80 percent of consumers in developed nations will desert a business if their information is compromised due to a security breach. Most companies will not recover from a significant breach.
Cybercriminals continually increase their aptitude and up the ante when it comes to data breaches.
In December 2020, FireEye, a renowned 17-year-old cybersecurity vendor based in Milpitas, California, was hit by a data breach. Hackers stole tools used by FireEye’s so-called ‘red team’. In cybersecurity, a red team is a group of internal advanced IT specialists who are tasked with attempting to breach a company’s own data defense walls, using penetration tactics or ‘pen-testing.’
Due to FireEye’s leading role and influence in the industry, it stands to reason that this red team probably had the best pen-testing tools in the business.
To make matters worse, FireEye was able to quickly determine that the same attacks (allegedly carried out by Russian hackers located within the US) had exploited a vulnerability in Orion software, a product developed by SolarWinds, which is employed by some 33,000 customers. FireEye wasn’t even the highest profile victim of the estimated 18,000 customers affected by the breach.
That honor went to the US National Security Agency (NSA), the organization in charge of and accountable for the protection of federal agencies against cyberattacks.
Raising a Strong Defense
Things can seem bleak if only one side of the story is considered:
- FireEye and all the damage relative to the SolarWinds hack
- 230,000 new malware samples reportedly being produced each day
- News that due to the pandemic, the significant shift to remote working has been followed by an increasing number of attacks on vulnerable parts of corporate networks.
On the flip side, organizations are taking cybersecurity much more seriously today than they did a decade ago. These companies are:
- Extending their executive leadership ranks by hiring chief information security officers (CISOs), as opposed to adding more tasks to an internal IT department’s workload
- Incorporating cyber risk into their contingency planning
- Putting in place battle-hardened veterans to lead their red teams in an ongoing war against bad actors of all stripes.
Excellent cybersecurity begins with good people. Even after a decade of an increasing number of attacks on both high and low profile enterprises, most intrusions still stem from human nature.
Employees continually fall for email phishing scams; for instance, opening what seems to be an internal email from within the organization, or unintentionally downloading malware onto a corporate laptop.
Thus, to counter such cases, progressive organizations have started programs to educate employees and consequently spread a culture of cybersecurity throughout the enterprise.
On the technical side, work continues on new approaches to produce a more robust system, including the use of artificial intelligence to learn from exposed software and networking vulnerabilities.
New techniques, including the cloud-based secure access service edge (SASE, pronounced “sassy”), introduced by Gartner and now being used by several high-profile financial and healthcare organizations, continue to gain in popularity in the ongoing battle against malicious forces.
Good cybersecurity is rarely a “set it and forget it” process. Veteran CISOs are the front-liners who have seen every type of ransomware, distributed denial of service, and phishing scam. They believe that the most intelligent cybersecurity and resulting best practices have a shelf life of around five years.
Once this time has passed, hackers, whether they be state-sponsored or independent, have developed new tools and discovered new ways to hit vulnerabilities in enterprise networks.
Events such as the global pandemic only accelerate that timeline by ushering thousands of new mobile endpoints into every digital network. This leads to developing stronger countermeasures like SASE. If an enterprise or its software vendors are not one step ahead of hackers, the cybersecurity race will be lost every time.
An Economist Intelligence Unit survey across multiple sectors of 300 senior executives at various organizations, including those within the pharmaceuticals industry, indicated that the two main priorities to counter malicious data breaches are a proactive strategy and constructing a culture of security.
Looping in Your Partners
One of the key trends in protecting against data breaches is moving toward better information sharing between organizations and their software vendors. During the early years of cybersecurity, control was usually maintained by the central organization.
When that company was thinking about adding software to its network, security parameters were incorporated into the request for proposal that was circulated to potential qualified vendors.
Recently, that process has started to change, as CISOs have established that a crucial element of effective data security is being proactive and working in collaboration with software vendors to make sure the proper tools and protocols are in place when implementation begins and stay in place for as long as the software is being utilized.
Increasingly, they are seeking out vendors who not only take cybersecurity seriously but who also adopt a strict culture of cybersecurity throughout their enterprise.
When considering a vendor, there are a number of key things to look for:
- Partners who embrace Security by Design. Effective security starts at the code level, and those suppliers who really understand this are utilizing tools like SonarQube to ensure detection of vulnerabilities before they leak into your network.
- Partners who test. Developers are adept in testing code for processing flaws, but the software vendors who really take cybersecurity seriously now have their own red teams or outside partners to hit their products with everything they have got. Pen testing and employing ‘white hat’ hackers are approaches that are crucial to ensuring solutions will not break under real assaults.
- Partners who live cybersecurity. A vendor’s dedication to safety should not only apply to what they sell. If they do not foster best practices within their own ranks, how can they be fully trusted?
Being secure in the Digital Age demands commitment and persistent vigilance. Bad actors will always search for new methods to breach networks, but, like all thieves, they go after the easy targets. Strengthening defenses and working with vendors who take cybersecurity seriously will help prevent companies from becoming a sitting duck.
The LabVantage Advantage: Backing it up with a Culture of Cybersecurity
LabVantage is pioneering a proactive approach to cybersecurity, fostering cybersecurity best practices throughout the development process, and working in close alliance with customers to address distinct security needs.
The latest release of LabVantage’s flagship LIMS (LabVantage LIMS 8.6) was designed with a specific focus on cybersecurity, taking both customer input and the company’s internal research into account.
LabVantage LIMS has always been extremely secure, with configurable security protocols and permissions in accordance with the US Health Insurance Portability and Accountability Act and the EU’s General Data Protection Regulation.
Encryption has been incorporated across multiple stages, including all data within cloud servers and in the VPN tunnels essential to the subscription-based SaaS version of the LIMS. LabVantage has also been very proactive in terms of using pen testing and other activities to allow users to stay in front of any potential cyberattacks with enhanced cybersecurity.
With LabVantage 8.6, system security takes on a greater priority, moving toward a design framework that recognizes the nature of data vulnerability and knows how to respond to it effectively.
LabVantage has incorporated SonarQube to assess and scan source code for potential vulnerabilities.
An open-source platform, SonarQube offers continual inspection of code quality to conduct automatic reviews with static analysis to identify bugs, code smells, and other security vulnerabilities.
In addition to the inclusion of SonarQube into the development process, LabVantage has enhanced its traditional operating procedures for coding and introduced Atlassian’s Jira software into the process. This enables LabVantage to closely track code while increasing the visibility of potential security issues throughout development.
LabVantage also uses ‘magic byte’ detection, in which a list of file signatures and data is employed to detect or verify file contents, to ensure malicious files cannot be uploaded. The company has also reviewed all third-party libraries to guarantee legacy libraries and the necessary plug-ins were upgraded.
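The following sketch shows what a magic-byte upload check looks like in practice. It is an added example, not LabVantage code: the signature table is a small subset of well-known file signatures, and `check_upload`, the allow-list and the sample uploads are constructed for illustration.

```python
"""Upload validation by file signature ("magic bytes"). Illustrative only."""
import os

# Allow-list: extension -> accepted leading byte patterns (well-known signatures).
SIGNATURES = {
    ".pdf": [b"%PDF-"],
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".jpg": [b"\xff\xd8\xff"],
    ".jpeg": [b"\xff\xd8\xff"],
    ".gif": [b"GIF87a", b"GIF89a"],
    ".zip": [b"PK\x03\x04"],
    ".xlsx": [b"PK\x03\x04"],  # OOXML documents are ZIP containers
}

# Leading bytes of executable content, rejected whatever the file is named.
EXECUTABLE_PREFIXES = {
    b"MZ": "Windows PE",
    b"\x7fELF": "ELF",
    b"#!": "script with interpreter line",
}


def check_upload(filename, head):
    """Return (accepted, reason); `head` is the first bytes of the upload."""
    for prefix, kind in EXECUTABLE_PREFIXES.items():
        if head.startswith(prefix):
            return False, f"content is {kind}"
    ext = os.path.splitext(filename)[1].lower()
    expected = SIGNATURES.get(ext)
    if expected is None:
        return False, f"extension {ext or '(none)'} not on allow-list"
    if not any(head.startswith(sig) for sig in expected):
        return False, f"content does not match {ext} signature"
    return True, "signature matches extension"


# Constructed sample uploads: (declared name, first bytes of content).
SAMPLES = [
    ("scan.PNG", b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR"),
    ("invoice.pdf", b"MZ\x90\x00\x03\x00"),   # executable renamed to .pdf
    ("photo.png", b"%PDF-1.7\n"),             # type does not match the name
    ("notes.txt", b"plain text"),             # extension not allowed
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(name, check_upload(name, head))
```

A matching signature only shows that the leading bytes agree with the declared type; it says nothing about the rest of the file, so a check like this sits alongside content scanning and safe storage of uploads rather than replacing them.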
The company put 8.6 to the test by setting LabVantage’s best R&D minds loose on the product, challenging two teams of ‘white hat’ hackers to detect malicious code or other vulnerabilities during a weeklong hackathon.
These team members understand the platform better than anyone, and they had the advantage of leaning on inside information supplied by the security teams of LabVantage’s customers.
Focusing on the two key possible gaps, cross-site scripting and cross-site request forgery, the white-hat hackers hit LabVantage 8.6 hard. The hackathon revealed several potential issues, and the company was able to strengthen its product to address them.
The effort to ensure LabVantage 8.6 and future releases meet quality standards will not stop there. While it is valuable to have an experienced and knowledgeable LabVantage R&D resource in place to take a hack at new software, it is also vital to have a third party examine the findings and uncover any other potential flaws.
So, LabVantage has partnered with COMPASS Cybersecurity to carry out objective pen-testing on a continual basis.
Combined with the continued use of SonarQube, LabVantage is sure that its LIMS will be a significant breach-resistant addition to any customer’s technology stack. LabVantage persistently monitors the OWASP Top 10, which closely follows critical risks threatening web-based applications like LIMS.
The company is also making sure this culture is in place throughout the ranks, introducing a number of new initiatives to make sure the company and its products are ready for any event. Security training also reaches beyond LabVantage personnel, extending to its partners as well.
Additionally, the company has initiated cybersecurity as an ongoing topic for internal lunch-and-learn sessions and is developing an initiative whereby internal staff is trained as Certified Ethical Hackers.
The objective is to guarantee all personnel are trained to understand and avoid cross-site scripting and SQL injection issues at any point in the system.
Looking to the future, the company will continue to investigate and adopt new standard operating procedures, work instructions, and guidance to make sure employees adhere to the revised culture.
Next Steps in Security
With LabVantage LIMS 8.7 on the horizon for mid-2021, the company remains committed to being the vanguard of cybersecurity.
Once again, LabVantage is exhibiting its commitment to leadership by not viewing security as an ‘add-on’ but developing each single product element with ultimate protection in mind.
LabVantage 8.7 will also usher in a number of other best-in-class cybersecurity methods, including multi-factor authentication.
This ensures LabVantage software offers unparalleled protection for customer data. LabVantage understands that system security is of key importance to any enterprise’s digital transformation, and the company remains committed to working closely with its customers to make every network that its products are installed in as secure as possible.
This information has been sourced, reviewed and adapted from materials provided by LabVantage Solutions, Inc.