The global pharmaceutical giants are inching closer to find nearly 100% efficacy for covid-19 doses. These vaccines when out in pharmacies will herald a new beginning for the mankind wedged by unprecedented human and financial losses. But as scientists and researchers labor to find that ideal clinical formula, a grave threat is looming in the cyber space— attack on intellectual property (IP) data. A wave of recently executed cyber-attacks threatened to abuse the Intellectual Property of pharma companies working to prepare the treatment for curing covid-19.
It’s not hard to fathom how vulnerable our sensitive data assets are in the time of rapid digitalization. Pharma industry, however, remains one of the most vulnerable industries. Nation States actors target cyber-attack vulnerable research centers, manufacturing processes, and digital documents by attempting to steal password credentials. No prizes for guessing the damage that can be caused by accessing confidential information. It is immeasurable.
That brings us to the most burning issue in the infosec space. Are we doing enough to protect the holy grail of an organization- confidential data?
In the digital era, where an enterprise data is everywhere — on-cloud, on-prem, hybrid IT ecosystems — every legitimate access to database, SaaS applications, DevOps tools chains among other critical IT infra must be backed by strong identity authentication and governance process.
If we fail to answer these questions… How an IT security team would ensure legitimate access to systems? … When do an enterprise need to grant conditional access to applications? … Are all important privileged password credentials frequently changed and randomized? … and; Are access to critical systems monitored on real-time basis? —data breach is imminent.
And that’s what we at ARCON believe that Digital Identity Governance is the stepping stone to build a robust cyber security framework. And it is simple to implement. It’s all about getting the basics right.
- Access must be always granted on ‘need-to-know’ and ‘need-to-do’ basis
- The principle of least privilege, especially in managing a large number of privileged accounts, must be practiced
- Password credentials should be always vaulted, frequently changed, and randomized
- Privilege elevation must be offered just-in-time
- Standing privileges to systems must be minimized
- Conditional Access and Multifactor Authentication must be implemented to enforce Zero Trust Network Access (ZTNA) framework amid rising remote access
- Real-time dashboarding of all privileged activities must be enforced
The Bottom line
Highly sensitive data is increasingly targeted by Nation State actors. Organizations must reinforce identity authentication and governance mechanism to protect the confidential information.