Due to heavy investments in biotechnology and research and development (R&D), life sciences organizations are becoming increasingly lucrative targets for cybercriminals. There has been tremendous progress in scientific discovery, and businesses must keep pace by managing security risks and protecting scientific data.

A cybersecurity report uncovered a ransomware attack, a type of malware that locks users out of their devices and files until a ransom is paid. 485% increase 2020 may be affected by the COVID-19 pandemic compared to 2019.Additionally, another report found that the average total cost of a data breach in the pharmaceutical industry is $5.06 million.

In light of these growing cybersecurity risks and the threats they pose, technology network talked to Zach PowersChief Information Security Officer bench ringis a research and development cloud platform for the biotech industry. Learn why the biotech industry is being targeted by cybercriminals, the importance of data security, and how the industry can mitigate these threats.

Sarah Whelan (SW): Can you explain what the Benchling R&D Cloud is and how it is designed to advance scientific research and development? How can it help tech companies?

Zach Powers (ZP): Benchling started with the vision of making research and development the way it should be: a collaborative process to turn ideas into scientific progress. In the last few years of the pandemic, this vision has felt more urgent and important than ever. Today, more than 200,000 scientists use his Benchling’s R&D Cloud as a trusted central source for his R&D in biotechnology to centralize data, improve collaboration, access insights and Ultimately accelerating the path to discovery.

See examples of how our R&D cloud is driving progress in the scientific community. We helped Syngenta move from data silos to data as an advantage and are now on a mission to build a data infrastructure in 90 locations across different languages, regulations and time zones. Crops that require less input while producing superior yields. Using Benchling, Syngenta reported his 72% improvement in data sharing across regions and across large teams.

SW: What considerations should be given to data security for this kind of cloud-based platform?

ZPs: Biotech organizations rely on their intellectual property to generate revenue, and significant revenue can be lost if infringed. These organizations are highly regulated due to the potential human impact of their products, and regulatory compliance can make or break an organization’s competitive position.

Both of these factors mean that maintaining industry-leading security, privacy, and compliance standards for biotech customers is paramount for a cloud-based platform like Benchling. Enterprise software as a service (SaaS) companies have a responsibility to securely develop cloud software and infrastructure. To do this, they use automated vulnerability management, periodic penetration testing, asset management, configuration management, threat detection and response engineering, and more. Ultimately, many cloud software products are subject to more and more security scrutiny than usual. -Perform prerequisite skills. Not all cloud products are the same when it comes to security, but it’s becoming more and more common for enterprise SaaS companies to approach security this way. When evaluating cloud platforms, customers should assess how much an enterprise SaaS company will invest in security on an ongoing basis. Are there security economies of scale that customers can benefit from?

SW: How important is data security and governance to the industry? And how has this changed over the years as new discoveries are made and biotechnology becomes a more lucrative target for cybercriminals? Did you

ZPs: In recent years, threat actors have become more sophisticated, well-funded, educated, and organized corporations. Additionally, the most dangerous attackers are employed by enemies of the United States and the European Union. These organizations are in business to make a profit, and many even have revenue targets. They aim to illegally access some of the world’s most sensitive intellectual property for financial gain.

Pharmaceutical companies are now routinely targeted and attacked by these advanced threat actors, and by 2021 nearly all (98%) of pharmaceutical companies will experience at least one security breach. In fact, last year alone, more than 20% of businesses lost business-critical data and intellectual property.

It’s clear that robust data security and governance are more important than ever. In particular, the biotech industry continues to grow in value due to the influx of valuable data it generates.

SW: What lessons do you think life sciences and biotech institutions can learn from other industries about managing security risks?

ZPs: Successfully managing security risks today requires engineering, automation, real-time analysis, threat intelligence, and critical tools. You also need a strategy that applies security across your organization with multiple layers of defense, detection points, and built-in response options. This level of investment may seem daunting, but for well-funded and focused attackers, it makes it easier for attackers to achieve their goals. only. In the security industry, we often talk about “cost to an attacker”. Proper investments in security can deter attackers or slow their attacks, raising costs well enough to trigger detection mechanisms and execute response plans. Attackers consider the cost of carrying out an attack. After all, it’s business. Biotechnology institutions have the ability to influence their cost models.

When evaluating whether to invest in this level of security, the cost of security is rising rapidly year-on-year, and many life sciences and biotech institutions are in for a big shock. My advice to biotech agencies is to see if many other industries are taking advantage of the economies of scale that mature cloud computing companies can offer in security, resilience, disaster response, etc. Even if your biotech institution is not ready to invest heavily in security itself and build the type of world-class security programs and capabilities needed to protect today’s data, it’s time to move your data and workflows to a cloud platform. You can get safe results by migrating. We invested heavily in security. Mature cloud platforms are often orders of magnitude more invested in security than their customers, and they continue to do so. No security strategy is perfect, but strategies that take advantage of the security economies of scale offered by mature cloud platforms tend to work far better than otherwise.

There is another fundamental advantage to approaching security this way. Adopting a cloud-first strategy greatly improves data mobility for biotech institutions. Cloud architecture excels at making data searchable, accessible by those who need it, interoperable across disparate systems, and reused. these are, FAIR Data PrinciplesThis is a key focus for today’s biotech agencies, which have struggled for years with data residing in disparate on-premises silos.

Lessons can be drawn from many other industries. You can see how these industries have evolved and benefited from increased data liquidity. For example, enterprise SaaS, banking, and healthcare have each come to see cloud computing and modern security as key to unlocking data fluidity and supporting rapid growth and unparalleled innovation. If data fluidity is your goal, the easiest way is through cloud computing and data platforms. Cloud computing and data platforms bring consistency to data modeling, facilitate programmatic interfaces, facilitate governance and security assurance, and make data easier for people to find, access, and use.

SW: As science advances, what changes do you think will be necessary in the future to ensure data security? What are the biggest challenges that need to be addressed?

ZPs: One of the biggest challenges I see is the mistrust of cloud technology. Unfortunately, this is a more common sentiment in biotechnology, especially in Europe. Many biotech institutions still adhere to security strategies from the late 1990s, using on-premises technology and essentially using firewalls as their first and only line of defense. Keeping an on-premises strategy often exposes you to more risk because 100% of the security responsibility and resources are on you. Most companies that don’t trust cloud computing are actually less secure than the cloud providers they don’t trust.

There are many myths about whether cloud computing is safe, and it’s important to separate fact from fiction. Looking at breach statistics, there is no data to suggest that on-premises technology is more secure. But beyond adopting a data-driven approach to making security decisions, the most important lens I can offer to change attitudes about security in cloud computing is economies of scale. Enterprises adopting cloud and enterprise SaaS take advantage of the security economies of scale offered by modern software companies. Enterprise SaaS companies have a responsibility for security and have more security capabilities and teams than most companies can offer.

Benchling is no different, security is an integral part of the products we offer our customers. To achieve this goal, we invest far more in security than most customers can afford, and we have a wealth of expertise. Benchling embeds security engineering into the software development lifecycle and cloud infrastructure operations. Vulnerability testing is performed daily, all code checked into production undergoes security testing, and any security issues found are remedied within industry-leading service level agreements.

Biotech institutions can achieve more secure results by leveraging cloud software and platforms. We handle the toughest issues of security so you can focus on advancing science and delivering products that impact humanity.

Zach Powers was talking with Sarah Whelan, a science writer at Technology Networks.