Securing Your LIMS From Cybersecurity Risks

Many labs have embraced the convenience of remote access, but this has introduced new cybersecurity risks everywhere – including informatics platforms such as LIMS. If cybersecurity isn’t on your mind, it should be.

TechRadar said:

“Businesses faced more cyberattacks than ever before in 2021 with new data from Check Point Research revealing that corporate networks saw 50% more attacks per week when compared to the previous year.”

According to the 2022 Gartner Board of Directors Survey, 88% of board members classified cybersecurity as a business risk; only 12% called it a technology risk.

After decades of working to harden business systems against cyber risks, in 2020 everyone suddenly began working from home. While remote work had been steadily – albeit slowly – growing over the last decade, COVID served as the key trigger event that proved its practicality.

While the work from home trend has started to reverse over the last six months, it is expected to play a more prominent role in the future as employees increasingly demand remote work (even if not full-time) as a benefit.

Across all sectors in general, cybercrime complaints jumped 300% after the coronavirus pandemic hit, according to the FBI.

With business systems now being accessed globally, how can you ensure the security of your sensitive data?

The reality is that any online platform could be targeted by cyberattacks. Although LabVantage LIMS has always been secure, the “new normal” of remote work has made system security an even greater priority – both in our products and our company culture. To mitigate these threats, we’re employing proven defenses that every software manufacturer should utilize when handling sensitive or critical data.

Below we’ll review some of the most important best practices and resources that contribute to the world’s most trusted cybersecurity strategies.

The Open Web Application Security Project (OWASP)

OWASP is a non-profit organization founded in 2001, with the goal of helping website owners and security experts protect web applications from cyber-attacks. The organization has 32,000 volunteers around the world who perform security assessments and research.

One of its best-known initiatives is the OWASP Top 10, a research project that offers rankings of – and remediation advice for – the top 10 most serious web application security dangers identified by security experts worldwide. Maintained since 2003, the list is updated every 2–3 years to stay current with changing cybersecurity risks.

Because LabVantage is a web-based system which uses a browser, we carefully track the OWASP Top 10 and discuss it frequently when we talk to customers and prospects.

Other resources available from the organization include the OWASP Software Assurance Maturity Model (SAMM), the OWASP Development Guide, the OWASP Testing Guide, and the OWASP Code Review Guide.

Penetration testing

Also known as “pen testing,” penetration testing is a form of “ethical hacking” in which an authorized cyberattack is performed to test the effectiveness of a system’s security.

The penetration testing process is often characterized as involving five phases:

1. Reconnaissance: Gathering information about the target system that can be leveraged to improve the attack.
2. Scanning: Using technical tools to learn more about the system and its potential vulnerabilities.
3. Gaining access: Using the data gathered in phases 1 and 2 to break into the target system.
4. Maintaining access: Maintaining a presence in the target system while gathering as much data as possible.
5. Covering tracks: Clearing all traces of the attack.

After these five phases, penetration tests typically conclude with a full report of any vulnerabilities that were discovered and exploited, along with suggestions for security improvements.

In addition to regularly employing a third-party firm to perform penetration tests on LabVantage LIMS, we also conduct week-long “hackathons” that pit the system against competing groups of programmers who know it better than anyone — the R&D team who designed it.

Multi-Factor Authentication (MFA)

Even if you’re not familiar with the term MFA, you’re probably already using it. If you do online banking, have a retirement fund, use your company’s virtual private network (VPN), or have ever applied for a government travel program like TSA PreCheck or Global Entry, you may have been required to use a form of MFA called two-factor authentication (2FA).

For example, in addition to entering your ID and password, you may have to correctly enter a unique random code that is sent to your smartphone.

This is just one of the most common examples of MFA. The basic idea is that access is only granted when more than one “factor” — such as an object, biometric data, information or other detail — is presented. If any one of the required factors is missing or incorrect, the system assumes your identity has not been proven.

With the release of LabVantage 8.7, users now have three different options for implementing MFA or 2FA: through a commercial SSO identity provider, using email and/or Google Authenticator to send a one-time password, or using Duo Security.
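The rule that every required factor must verify, shown as an added example that is not LabVantage code: a password check combined with a time-based one-time password of the kind an authenticator app such as Google Authenticator generates (RFC 6238, SHA-1, 6 digits, 30-second step). The function names, the user record layout and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import struct


def hotp(secret, counter, digits=6):
    """RFC 4226 one-time password for one counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def match_totp(secret, code, now, last_used, step=30, drift=1):
    """Return the time step the code matches, or None.

    Steps at or before last_used are refused so a code cannot be replayed.
    """
    current = int(now) // step
    for counter in range(max(0, current - drift), current + drift + 1):
        expected = hotp(secret, counter).encode()
        if counter > last_used and hmac.compare_digest(expected, code.encode()):
            return counter
    return None


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_user(password, salt, totp_secret):
    """Hypothetical user record; a real system would persist this."""
    return {"salt": salt, "pw_hash": hash_password(password, salt),
            "totp_secret": totp_secret, "last_used": -1}


def login(user, password, code, now):
    """Grant access only when BOTH factors verify; a missing code fails."""
    pw_ok = hmac.compare_digest(hash_password(password, user["salt"]),
                                user["pw_hash"])
    step = match_totp(user["totp_secret"], code or "", now, user["last_used"])
    if not (pw_ok and step is not None):
        return False
    user["last_used"] = step  # burn the code so it cannot be reused
    return True
```

The drift window accepts the neighbouring 30-second steps to tolerate clock skew, and recording the last accepted step is what turns a valid code into a single-use one.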

Tracking Code and File Contents

To prevent hacks and breaches, corporate security teams must carefully inspect software code. LabVantage uses a number of tools to track, evaluate and scan source code for vulnerabilities, including SonarQube and Atlassian’s Jira software. Magic-byte detection is built in to protect against incorrect and potentially malicious files being uploaded.
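A minimal sketch of magic-byte checking on upload, added here as an example and not taken from LabVantage: the content's leading bytes are classified independently of the file name, and the upload is accepted only when the detected kind matches what the extension claims. The allow-list, the function names and the text-file rule are assumptions.

```python
import os

# (signature, detected kind). Constructed list for illustration.
MAGIC = [
    (b"%PDF-", "pdf"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"PK\x03\x04", "zip"),          # .xlsx and .docx are ZIP containers
    (b"\x7fELF", "elf-executable"),
    (b"MZ", "pe-executable"),
]
# Declared extension -> kind the content must sniff as (assumed upload policy).
ALLOWED = {".pdf": "pdf", ".png": "png", ".jpg": "jpeg", ".jpeg": "jpeg",
           ".xlsx": "zip", ".docx": "zip", ".csv": "text", ".txt": "text"}


def is_text(data):
    """Plain text has no magic bytes: require valid UTF-8 with no NUL bytes."""
    if b"\x00" in data:
        return False
    try:
        data.decode("utf-8")
    except UnicodeDecodeError:
        return False
    return True


def sniff(data):
    """Classify content by its leading bytes, ignoring the file name."""
    text = is_text(data)
    for signature, kind in MAGIC:
        # "MZ" alone is too short to trust: a CSV header can start with it.
        if data.startswith(signature) and not (signature == b"MZ" and text):
            return kind
    return "text" if text and data else "unknown"


def check_upload(filename, data):
    """Return (accepted, detected_kind) for one upload."""
    ext = os.path.splitext(filename)[1].lower()
    detected = sniff(data)
    return ALLOWED.get(ext) == detected, detected
```

Returning the detected kind alongside the verdict lets the rejection be logged as "declared .pdf, detected pe-executable". A matching header only shows what the file starts with, so this check complements content scanning of accepted files and does not replace it.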

LabVantage is committed to your security – today and tomorrow

As remote work continues to become a daily business reality, new features and improvements have been delivered to strengthen the security of all LabVantage products. These efforts have already made the platform an exceptionally breach-resistant addition to your technology stack. We’ve also stepped up our ongoing commitment to keep current with the evolving cybersecurity landscape.

If you’ve not yet upgraded to the most current version of LabVantage, we encourage you to do so in order to take advantage of the latest baseline of security capabilities.

Contact LabVantage today to explore upgrade options.