October is cyber security awareness month, according to US Homeland Security.
In a happy coincidence, Porzio Life Sciences and the Morris County Economic Development Corporation (MCEDC), a public-private partnership with the county freeholders, on Wednesday kicked off a seminar series with a session about cyber security.
More than 100 people came to Porzio’s offices in Morris Township to hear experts discuss how to safeguard computer systems in the worlds of biotech, pharma, medical devices, nutraceuticals (vitamins and pharma), cosmeceuticals (cosmetics and pharma) and other life sciences.
Protecting individual patient data was discussed as well.
Panelists included former National Security Agency experts now running their own companies, a “white hat” hacker who provides stress-testing for security systems, a leading New Jersey cybersecurity expert, a risk manager, insurers and lawyers.
Sobering stories included the City of Newark’s decision to pay hackers a ransom of $300 in bitcoin to have the city’s computer network un-frozen — only to be attacked later for $3,000 and again this year for $30,000.
Small companies succumbed this spring to the WannaCry cryptoworm, with and without the “Double Pulsar” backdoor.
Within the Dark Web — encrypted sites not indexed by search engines such as Google or Bing — there exists a “Yelp for ransomware,” sharing comments on what happens to sites after bitcoin ransoms are paid.
Threat actors are not limited to hostile nations such as North Korea, Iran or Russia. They can come from nearly anywhere.
Even traditional gangs like the Bloods and the Crips are forgoing the risky businesses of drug trafficking and prostitution in favor of hacking and extortion.
Practical advice was offered to companies about how to defend against attacks, as well as how to respond to them.
Considering the Equifax scandal, for example, experts recommended that the Chief Information Security Officer (CISO) report through a different chain of command than the Chief Information Officer (CIO).
The CSO and the CIO will often clash, in which case senior executives must be willing to balance (in Equifax’s case) the risk of data being stolen against the business interference that could come from adding a software patch.
Equifax was criticized for having a single person responsible for data patching. Although the term “patch” sounds simple, software patching requires some skill and knowledge to do correctly.
For individuals protecting their PCs, New Jersey CCIC (NJ “kick”) provides a set of recommendations and resources. They are available to help businesses plan for and respond to cyber threats.
NJ CCIC also provides resources on cyberbullying, parental controls and other intra-family issues.
The MCEDC’s Life Science Committee intends to offer similar events several times a year. Continuing Legal Education (CLE) credits are available from these programs.