There has been a surge in cybertheft since the onset of the Digital Age in the 1980s. Each evolution in data storage and transfer, from personal computers to mobile computing and the cloud, has introduced new risks to data security.
A balance must be struck between transitioning from paper to digital formats and prioritizing cybersecurity. However, the benefits of digital transformation, such as time savings and precision, are undeniable. In scientific research and manufacturing, technologies such as laboratory information management systems (LIMS) offer significant rewards, but with these rewards comes the responsibility of ensuring network vigilance.
Over time, banks have fortified their defenses against theft — moving from portable safes to robust vaults, and from combination locks to advanced biometric systems. Similarly, cybersecurity experts are constantly developing new strategies to combat digital criminals. Any organization that stores or transfers data, including laboratories, must prioritize securing it and remain vigilant as threats evolve.
Big data. Big costs.
With vast amounts of data stored in cloud systems, on-premise servers, and corporate devices, protecting this information has become crucial. Concurrently, stealing data or preventing legitimate users from accessing it unless a ransom is paid has become a lucrative business for state actors, criminals, and ideological activists.
The financial impact is staggering; the average cost of a data breach in the US has risen from $3.5 million in 2006 to $8.6 million in 2020.
According to CSO Online, nearly 40% of this cost stems from lost business, including increased customer turnover and revenue loss due to system downtime.
Research from IDC indicates that 80% of consumers in developed nations will leave a business if their information is compromised, and many companies never fully recover from a major breach.
The stakes and the skills of cybercriminals continue to escalate. In December 2020, FireEye, a well-known cybersecurity vendor based in California, suffered a breach in which hackers stole tools from its internal “red team.”
This red team consists of advanced IT specialists tasked with testing the company's own data defenses through penetration testing.
Given FireEye's role in the industry, its red team likely possesses the best pen-testing tools available. Compounding the issue, FireEye discovered that the attacks were linked to Russian hackers exploiting a vulnerability in Orion, a software product by SolarWinds used by around 33,000 customers.
Among the estimated 18,000 affected customers, the US National Security Agency (NSA) was the highest-profile victim.
Raising a strong defense
The situation may appear dire when focusing solely on the negatives:
- The impact of the SolarWinds hack on FireEye
- Reports of 230,000 new malware samples generated daily
- A rise in attacks targeting vulnerable corporate networks due to the shift to remote work during the pandemic
Conversely, many organizations are taking cybersecurity more seriously than a decade ago. These companies are:
- Expanding their executive teams by hiring chief information security officers (CISOs) instead of merely adding tasks to IT departments
- Incorporating cyber risk into their contingency plans
- Deploying experienced leaders to guide their red teams in the ongoing battle against various threats
Effective cybersecurity begins with people. Despite a decade of escalating attacks on enterprises, human error remains central to most breaches. Employees often fall victim to phishing scams, mistakenly opening emails that appear to be from within their organization, or inadvertently downloading malware.
To combat this, progressive organizations have initiated educational programs aimed at fostering a culture of cybersecurity.
On the technical front, methods continue to evolve, including the use of artificial intelligence to learn from software vulnerabilities and enhance system robustness.
New techniques, such as the cloud-based Secure Access Service Edge (SASE), introduced by Gartner, are gaining traction among high-profile financial and healthcare organizations in the ongoing battle against cyber threats.
Effective cybersecurity is not a one-time effort. Veteran CISOs, experienced in various cyberattacks, believe that the most sophisticated security measures have a lifespan of about five years. Hackers, whether state-sponsored or independent, continually develop new tools and methods to exploit networks. Events like the global pandemic, which introduced many new mobile endpoints into digital networks, only accelerate this timeline.
According to a survey by the Economist Intelligence Unit of 300 senior executives across various sectors, including pharmaceuticals, the top two priorities for mitigating data breaches are proactive strategies and fostering a culture of security.
Looping in partners
A crucial trend in cybersecurity is the shift toward information sharing between organizations and their software vendors. Historically, control was maintained by the central organization, which included security parameters in requests for proposals when seeking new software. Recently, CISOs have recognized the importance of proactively collaborating with vendors to ensure proper tools and protocols are implemented from the outset and maintained throughout the software's lifecycle. They increasingly seek vendors who prioritize cybersecurity and demonstrate a commitment to a culture of security within their organizations.
When evaluating a vendor, critical factors to consider include:
- Security by Design: Effective security starts at the code level. Suppliers using tools like SonarQube to detect vulnerabilities before they enter a network are preferred.
- Testing: While developers are skilled at identifying processing flaws, vendors serious about cybersecurity employ red teams or external suppliers to rigorously test their products.
- Commitment to Cybersecurity: A vendor's dedication to safety should extend beyond their products; if they do not follow best practices internally, their trustworthiness comes into question.
Maintaining security in the Digital Age requires commitment and constant vigilance. Cybercriminals continually seek new methods to breach networks, often targeting the easiest victims. Strengthening defenses and partnering with vendors who share a commitment to cybersecurity will help an organization avoid becoming a target.
The LabVantage advantage: Backing it up with a culture of cybersecurity
LabVantage is at the forefront of adopting a proactive approach to cybersecurity, promoting best practices throughout the development process, and collaborating with customers to address specific security needs. The latest version of its flagship LIMS — LabVantage LIMS 8.6 — was developed with a strong emphasis on cybersecurity, incorporating customer feedback and internal research.
LabVantage LIMS has always prioritized security, with configurable protocols meeting the requirements of the US Health Insurance Portability and Accountability Act and the EU’s General Data Protection Regulation.
Encryption is integrated at multiple levels, including all data in cloud servers and VPN tunnels associated with the SaaS version of the LIMS. LabVantage has also proactively ensured security through pen testing and other measures to stay ahead of potential cyber threats.
With LabVantage 8.6, system security is elevated, employing a design framework that understands data vulnerabilities and responses.
Continuous inspection
LabVantage has implemented SonarQube to evaluate and scan source code for vulnerabilities. This open-source platform provides continuous inspection of code quality through automated reviews, detecting bugs and security issues.
In addition to integrating SonarQube into the development process, LabVantage has enhanced standard operating procedures for coding and introduced Atlassian’s Jira software, allowing closer tracking of code and improving visibility into potential security concerns.
The company employs “magic byte” detection to identify malicious files and reviews third-party libraries to ensure that legacy libraries and their plugins are up to date.
Testing LabVantage 8.6
LabVantage engaged its top R&D talent to challenge two teams of “white hat” hackers during a week-long hackathon to identify vulnerabilities in the product. These individuals are intimately familiar with the platform and had access to insider information from customer security teams. Focusing on potential gaps such as cross-site scripting and cross-site request forgery, they rigorously tested LabVantage 8.6.
The hackathon revealed several potential issues, prompting further hardening of the product.
Third-party verification
LabVantage's commitment to ensuring that LabVantage 8.6 and future releases meet high standards will not stop there. While internal expertise is valuable, it is critical to have third-party evaluations to identify additional vulnerabilities. LabVantage has partnered with COMPASS Cybersecurity for objective pen testing on an ongoing basis. Combined with the continued use of SonarQube, LabVantage LIMS aims to provide an exceptionally breach-resistant addition to any customer’s technology stack.
LabVantage continually monitors the OWASP Top 10, which tracks critical risks to web-based applications like LIMS. The company is also fostering a culture of security internally, with new initiatives to ensure readiness for any eventuality.
Security training extends beyond LabVantage personnel to partners, and the company has introduced cybersecurity as a recurring topic for internal lunch-and-learn sessions, working toward having staff trained as Certified Ethical Hackers. The goal is to ensure everyone is equipped to recognize and avoid vulnerabilities in the system.
Next steps in security
With the anticipated release of LabVantage LIMS 8.7 in mid-2021, the company remains committed to leading in cybersecurity. This new version will introduce React.js, a JavaScript library that enables “security by default,” ensuring the default settings of the software are maximally secure. LabVantage is reinforcing its commitment to integrating security into every aspect of product design.
LabVantage 8.7 will also incorporate additional best-in-class methods, such as multi-factor authentication, to enhance cybersecurity and protect customer data.
Recognizing that system security is crucial for any enterprise's digital transformation, LabVantage is dedicated to working with customers to ensure every network hosting its products is as secure as possible.
About LabVantage Solutions
LabVantage Solutions, Inc. is a leading global provider of laboratory informatics. Our industry-leading LIMS and ELN solution and world-class services are based on 35+ years of experience in laboratory informatics.
LabVantage offers an extensive portfolio of products and services that help companies accelerate innovation in the R&D cycle, enhance manufactured product quality, provide accurate and reliable recordkeeping, and support regulatory compliance. LabVantage is a highly configurable web-based LIMS/ELN that powers hundreds of laboratories of all sizes around the world. LabVantage is built on a platform that is widely regarded as the best in the industry and can support hundreds of concurrent users as well as interface with instruments and other enterprise systems.
LabVantage is the best fit for industries including pharmaceuticals, consumer goods, molecular diagnostics, and biobanking. LabVantage domain experts assist customers in implementing best practices and optimizing the LIMS so customers can maximize ROI through rapid and successful deployments.
Sponsored Content Policy: News-Medical.net publishes articles and related content that may be derived from sources where we have existing commercial relationships, provided such content adds value to the core editorial ethos of News-Medical.Net which is to educate and inform site visitors interested in medical research, science, medical devices and treatments.