The 2019 BioIT conference last week was as exciting and illuminating as we expected. The fields of genomics and precision medicine are incorporating some amazing technology, including AI, blockchain and deep learning. Companies are using these technologies to drive innovations that will make life better for all humans, and watching these fields integrate science and technology is legitimately cool.
Going into this show, we were aware that this was not going to be a security-focused IT show. We knew our conversations were not going to be about perimeter defense, endpoint security and malware. At the BioIT conference, we anticipated we would be talking to companies about how to securely implement blockchain to manage information, such as medical records or the serialization and tracking of prescription drugs, as well as how to address the security of IoT devices that they have incorporated into their manufacturing process. What we did not anticipate is that while these conversations happened, they were few and far between. Ultimately this show served as a barometer of the state of holistic cybersecurity adoption and the pervasive shortage of experienced cybersecurity personnel.
Holistic Security & Experienced Cybersecurity Personnel Are Key Challenges
Holistic cybersecurity adoption, the process of incorporating security at a fundamental level throughout the organization, has been a hot topic of discussion for the last two years. What we are finding in the overall market, and also at the BioIT conference, is that the process of incorporating holistic cybersecurity into organizations is slow and challenging. Outside of a strong perimeter defense, many technology-focused teams were not prioritizing issues, such as how a ransomware breach could freeze their research and hold it hostage with one click of a phishing email.
Within genomics and precision medicine, data and intellectual property are the lifeblood of the organizations. Cybersecurity means more than just protecting your network. It also means protecting your product development pipeline and ensuring your intellectual property isn’t stolen or manipulated by enemy states.
As more genomics and precision medicine companies incorporate technology throughout their organizations, add insecure IoT devices to corporate and manufacturing facilities, and incorporate blockchain into their information management plans, a strong security posture is crucial. Here are a few of the real-world challenges that organizations shared at the BioIT conference:
- Challenge: Holistic security may be a goal, but unless someone is driving the conversation and implementation, companies are struggling to fit this into their already overcommitted workload. There is a need for help coordinating and driving this process within many organizations.
- Solution: It can be difficult to get all departments to think about incorporating cybersecurity into their systems and services. Appointing someone in your organization’s management team to spearhead this project is one of the most successful strategies. Holistic cybersecurity is a long-term goal, where organizations should be cultivating a security-conscious culture and implementing best practices, then handing those responsibilities to each department and checking in on the progress. Many companies also bring in consultants to assess the organization’s overall security and recommend ways to build a stronger holistic security solution. This can provide progress reports and specific guidance to each department to further your goals of holistic security.
- Challenge: There is a need for greater cybersecurity framework knowledge within the R & D, data, and manufacturing functions. Outside of IT groups and some organizations with strong centralized IT, many organizations within the genomics and precision medicine space are looking for more support on how to protect intellectual property and information beyond just perimeter protection.
- Solution: If you have not already, incorporate best practices such as those in the NIST Cybersecurity Framework. These industry standards should be foundational building blocks for your organization’s cybersecurity. It’s important to look at your overall security posture throughout your organization as well as potential gaps caused by third-party network access you provide to partners/vendors.
- Challenge: Small companies, especially start-ups, are particularly vulnerable to compliance issues for HIPAA, GDPR and CCPA. Compliance guidelines can be complex and small companies/start-ups frequently do not have the detailed knowledge or staff to assess and close their compliance gaps.
- Solution: An experienced team can conduct compliance audits fairly quickly and quite affordably, to the surprise of many organizations. Compliance audits can deliver a checklist of items that need to be fixed and provide recommendations on how to close any compliance gaps. These periodic audits should be a foundational element at genomic and precision medicine companies that need to stay current with changing compliance regulations and avoid potential violations and fines.
- Challenge: Highly skilled technology resources are hard to find. Many organizations are looking for outsourced or supplemental help with network monitoring and testing, as well as highly skilled advanced security assistance. At this year’s BioIT conference, we shared a booth with our partner, Technium, and found supplemental expertise and staff to be one of the most common needs for show attendees.
- Solution: There are a wide variety of outsourcing solutions these days. There is a broad range of services available, ranging from high-end managed network services, like those from our partner Technium, to hiring supplemental consulting resources for testing, compliance, training and breach response. Engaging supplemental consulting services can be a cost-effective alternative to finding and hiring skilled full-time staff in today’s tight labor market.
Your organization needs strong, proactive security and compliance procedures. Hiring the right experts to provide advice and supplemental services can help to ensure you enjoy business as usual, rather than costly business disruptions and compliance violations. Just like in many industries, many of the core cybersecurity challenges facing the organizations at the BioIT conference stem from a shortage of experienced cybersecurity personnel. With the right resources, some of these hurdles can be overcome quickly at a sprint, while larger goals, such as holistic security, are more of a long-distance run. Hiring the right experts to provide advice and supplemental services can solve these challenges so you can enjoy business as usual, rather than costly business disruptions and compliance violations.