As cyberthreats to medical research on COVID-19 – and other intellectual property – grow, organizations must take critical steps to prevent the theft of their “innovation capital,” says Russell Koste, chief security officer at Alexion Pharmaceuticals.
To help security leaders more effectively mitigate the risks, the Healthcare and Public Health Sector Coordinating Council’s Joint Cybersecurity Working Group recently issued a Health Industry Cybersecurity Protection of Innovation Capital guide. Koste is co-chair of the working group.
In recent weeks, authorities in the U.S. – including the FBI and the Department of Homeland Security – have issued warnings that hacking groups are targeting research and healthcare facilities working on developing vaccines, testing procedures and treatments for COVID-19.
“In this day and age, if you are an organization that is directly working on COVID-19 research, you should have technical controls that actively block the removal of innovation capital from your organization,” Koste says in an interview with Information Security Media Group.
Technologies that can play important roles include data loss prevention tools, controls on mobile devices as well as “controls for external file shares,” he says. “That might sound simple, but a lot of organizations large and small have resisted putting those technical controls in place because of business disruption. It takes as mature security organization to work that through with the business leaders.”
In the interview (see audio link below photo), Koste also discusses:
- Security threats and risks facing organizations that conduct medical research and clinical trials;
- Important security concerns and best practices spotlighted in the new guidance;
- Other critical steps for protecting sensitive information and intellectual property;
- Evolving cloud security challenges.
Koste is chief security officer and global head of security, sourcing and real estate at Boston-based Alexion Pharmaceuticals. His responsibilities span cyber and physical security, corporate crisis management and resiliency, IT quality, as well as managing strategic assets. He previously formed Fidelity’s cyber intelligence and operations unit. Prior to that, Koste held a number of cybersecurity executive positions at Northrup Grumman.