Grappling With the Risks and Rewards of Digital Agility
Aon’s recent Global Risk Management Survey highlights cyber threats as the number one risk faced across industries.[1] Threats such as business email compromise, supply chain disruption, and sophisticated malware such as ransomware leave no organization – regardless of size or industry sector – exempt from cyber risk. These risks are compounded by the need to balance the rewards and efficiencies of digital agility in a volatile market against the need for enhanced network visibility and security controls. Whether organizations accelerate rapidly because of regulatory pressure, competitive motivations, or in response to environmental crises, they must assess their digital capabilities and cyber resilience to mitigate the exposures created by change.
For many organizations in industries with significant potential for data exposure, the threat of regulatory penalties and potential reputational damage necessitates a high-level baseline of cyber maturity. In turn, this requires continual iteration of digital infrastructure and security controls to combat increasingly adept hackers. But when organizations go too far or too fast in digital agility, their business infrastructure can become entirely based around complex supply chains, creating many gateways for security threats. Organizations that digitally accelerate by partnering with multiple external technology partners and third-party vendors may be putting their digital security at heightened risk, which must continually be mitigated. Unforeseen external factors such as global pandemics or uncertain geopolitical climates also contribute to cyber risk and may accelerate digital transformation programs – creating additional threats to organizations with less mature digital infrastructure and cyber hygiene.
This article explores how these challenges are explicitly impacting four sectors: life sciences; financial institutions; technology, media and communications; and food, agribusiness and beverage.
Life Sciences – Security is the Best Treatment
Top 20 global Fortune 500 pharma companies reveal that total data breaches and exposed records have significantly risen since 2020.[2]
Characterized by complex global supply chains, analytics firms, and clinical research organizations, the life sciences industry faces a multitude of cyber risks which often result in the targeting of critical data by threat actors.
Exfiltration of sensitive information and theft of intellectual property (IP) are top concerns in the life sciences sector, whether those threats come from malicious insiders, hackers affiliated with government or activist groups, or ransomware. After experiencing an uptick in mergers and acquisitions in recent years, the sector also faces security risks around migration of data when consolidating systems. But the risk is not just financial. Cyber security breaches in medical device and MedTech organizations can be life-threatening to those who need an immediate or constant supply of equipment, such as pacemakers and insulin pumps.
For the life sciences industry, these concerns are not new. Many industry-leading companies have already pushed for significant investment in cyber security, including advanced tooling, as well as investments in people, development of processes and other resources. But there remains more work to be done for companies wanting to stay one step ahead of dangerous threat actors.
Services such as Red Team Testing and Adversary Simulation (along with traditional penetration testing) can help simulate an actual cyber attack and support the identification of threats and vulnerabilities before they become a reality. An organization’s security controls – especially those newly implemented – must be validated through testing and assessment. Insider risk assessments are also recommended to assess and mitigate the growing threat of intentional, malicious insiders.