Skip navigation EPAM

Beware of the Dark Side: Security in the Age of IoLT

    • Christopher Waller

    VP, Chief Scientist, EPAM United States
    Connect
    Blog
    • Life Sciences
    The Digital Lab Poses yet another Entry Point for Cyberattackers

    It is difficult to underestimate the potential for dark-sided cyberattacks as we make the move to a digital research laboratory powered by technology that runs on the Internet of Lab Things (IoLT). All those little data collection devices pumping data into cloud stores create huge vulnerabilities on company networks and should be causing all CISOs nightmares.

    In July of last year, Merck, along with a number of other large corporations that rely heavily on computer networks, was crippled by a cyberattack containing the NotPetya virus that resulted in the disruption of all research and development, manufacturing and commercial operations for several months. Tens of thousands of computers were compromised and required complete rebuilds in order to bring things back to a normal state. The full financial impact suggests that the attack cost Merck in excess of $300M per quarter in the second half of 2017.

    The Merck cyberattack was perpetrated through a traditional simple email attack vector. IoLT devices represent newer and more numerous entry points into a corporate network and will dramatically increase the probability of cyberattacks on the digital laboratory. While the Merck cyberattack was a typical nuisance attack with a ransom demanded in order to unlock drives, the cybercriminal of the future will combine this with other methods in order to gain access to the corporate jewels – data. 

    A Simple Plan to Manage – and Prevent – Sneaky Cyberattacks

    So, what do we do to protect ourselves against cyber criminals planting little worms on corporate computers that leak data through the firewall at almost imperceptible levels? The inevitable cyberattacks that come as a result of digitalization need to be dealt beyond following technical analysts’ recommendations to stockpile cash in order to deal with the aftermath. To become proactive, one simple grouping of tactics could be:

    1. Intrusion prevention
      • Provide and enforce employee training and certification
      • Implement modern firewalls with current anti-virus software and definitions
      • Ensure that all operating systems on all computers are current
    2. Intrusion detection
      • Implement proactive network activity monitoring and isolate suspicious code
      • Utilize AI to identify network data spikes
    3. Intrusion remediation
      • Ensure that disaster recovery plans are current and enforced

    On paper, the 68-word plan above sounds simple, but that doesn’t mean it will be straightforward to implement.  

    Forging a Path toward a Cybersecurity-First Culture

    There will obviously be challenges that must be overcome as we work to create and protect the digitalized life sciences ecosystem of the future. Since this ecosystem doesn’t exist yet for the most part, however, there is a big opportunity to do things right the first time around.

    As always, the challenges fall into people, process and technology buckets. At the highest level, change management programs with senior leadership sponsorship will be required, and cybersecurity-first culture will need be cultivated within the organization. All existing security processes will need to be scrutinized and, in many cases, modified. Additionally, improvements to our legacy technology footprints will need to be made, often with the help of a trusted technology partner.

    However difficult, all of these changes will be required if we are to fully reap the benefits of digitalization and protect our data – a tremendous asset that is soon to be overflowing from your soon-to-be digital lab. That’s why we’ll explore the value of data to a corporation and the need to protect it properly in the next installment.

    Hello. How Can We Help You?

    Get in touch with us. We'd love to hear from you.

    Contact Us Contact Us

    Our Offices

    Canada Canada
    Colombia Colombia
    Dominican Republic Dominican Republic
    Mexico Mexico
    United States United States
    Armenia Armenia
    Austria Austria
    Belarus Belarus
    Bulgaria Bulgaria
    Croatia Croatia
    Czech Republic Czech Republic
    France France
    Georgia Georgia
    Germany Germany
    Hungary Hungary
    Ireland Ireland
    Italy Italy
    Kazakhstan Kazakhstan
    Lithuania Lithuania
    Malta Malta
    Montenegro Montenegro
    Netherlands Netherlands
    Poland Poland
    Romania Romania
    Spain Spain
    Sweden Sweden
    Switzerland Switzerland
    Ukraine Ukraine
    United Kingdom United Kingdom
    Uzbekistan Uzbekistan
    Australia Australia
    China China
    Hong Kong SAR Hong Kong SAR
    India India
    Japan Japan
    Malaysia Malaysia
    Singapore Singapore
    United Arab Emirates United Arab Emirates
    Vietnam Vietnam