Employee security awareness key component of cybersecurity roadmap for Repligen

Biotech companies like Repligen can be targets for cyber criminals (perhaps with some high-level support from certain states) aiming to steal intellectual property or other confidential data. However, Richard Richison is as concerned about opportunistic attacks as he is about targeted threats.

“Our main focus is to stop the threat actors, so ransomware is the main thing we will protect against. We spend a lot of time protecting end users through security awareness training because all it takes is one click on a bad link to let the threat actor in,” Richard said.

End-user training is a critical part of Repligen’s cybersecurity strategy. A once-a-year refresher on cybersecurity awareness is still a common approach, despite broad agreement that it is, at best, ineffective; that is not Repligen’s plan.

The company also runs monthly phishing simulations against end users, discussed further below.

Risk assessment and road map

According to Richison, while Repligen has always taken security seriously, until a few years ago its security efforts were reactive and ad hoc.

“We have all the tools we need to have but we don’t have a clear understanding of our attack surface,” he said.

“We have on-premise datacentres and assets in AWS and Azure. Just being able to understand the music in all the hybrid infrastructure pieces is a challenge. It is also about being able to understand the limits of Shadow IT. Users update themselves Dropbox, something. They put it there? They connect to Gmail from the office end. Why? It’s about understanding what we have, where it is and what those devices are communicating.”


Last year, Repligen hired a third party to review its entire security posture. The company settled on a security framework consisting of 20 controls; the review covered each of these controls and how Repligen measures up against them. Roadmaps were then developed for board-level presentation of priorities, and appropriate tools and automation were added.

Laws vary around the world. How is a global organization like Repligen affected?

“As a global business, we must comply with the GDPR. However, we are not regulated by the FDA, so the only real regulation we are subject to is Sarbanes-Oxley. However, we take GDPR very seriously and work with a legal entity to ensure compliance. The state of California has its own version of the GDPR that we follow as well.”

Richison also called out the Federal Cybersecurity & Infrastructure Agency (CISA).

“CISA has done a lot of good things in terms of keeping security awareness in mind. They have stated that they would like public companies to have a security officer to bring the board to the same fund. That members can post Enron. We’ve already done that, and the executives know the security policies and controls we have.”


Richison has a keen interest in the risks posed by supply chains, a topic that features prominently in many current security strategy discussions. The attack on the software vendor Kaseya is a good example of this type of attack, because its product is a remote management tool that is widely used by MSPs and others. The scale of the attack was made clear by the number of companies affected by the breach. However, Repligen managed to avoid the worst.

“Our Kaseya equipment is not connected to the Internet. We download and install manually. One of the ways we reduce risk is not to rely entirely on third parties. We do not think they are secure. Everyone is at risk, including them.”

The strongest connection

Repligen’s end-user awareness training is a key plank of its cyber security approach. Employees are targeted for additional training based on their response to the simulated phishing campaigns conducted by the company.


“Our security training uses AI. It’s based on user behavior over the past months, so we can identify where the risk is and focus on that. We also have specific training for users such as finance and sales staff because they are exposed to a lot of risk. They get their own special training.”

Repligen also conducts annual mandatory training for everyone regardless of their role or function. Until they score 100% on the training, employees keep receiving reminders, which escalate if the training is neglected. The company also has digital signage at every global location, with security reminders cycling through displays in the office areas.

Richison strongly believes in regular communication with senior leadership.

“We had a meeting recently and were able to list the achievements of the past year and what we expect in the coming year. Our analysis means that we can identify the safety numbers cyber security maturity model. The number continues to increase for all 20 different controls under our security system, so they can see that the maturity level is growing every quarter.”
