Biotech companies like Repligen are likely to be a target for cyber criminals (possibly with some high-level sponsorship from certain nation states) intent on stealing intellectual property or other confidential data. However, Richard Richison was as concerned about opportunist attacks as he was about more targeted threats.
"Our biggest focus is keeping threat actors out so ransomware is a key thing we have to protect against. We spend a lot of time protecting end users via security awareness training because all it takes is one click on a bad link to let a threat actor in," Richison said.
That end-user training is a critical component of Repligen's cybersecurity strategy. The once-a-year, ten-minute refresher on cybersecurity awareness, which is still surprisingly widespread despite agreement that it is, at best, ineffective, is not a tactic Repligen recommends.
The company conducts a monthly simulated phishing attack on all end users - more on which later.
Risk Assessment & Roadmap
According to Richison, whilst Repligen has always been extremely security conscious, up until a couple of years ago the security stack was siloed and ad hoc.
"We had all the tools we were supposed to have but we didn't fully understand our attack surface," he said.
"We have on premise datacentres and assets in AWS and Azure. Just being able to understand threats within all those hybrid infrastructure pieces was challenging. It was also about being able to understand the extent of Shadow IT. Users set up their own Dropbox, what were they putting there? They were connecting into Gmail from corporate end points. Why? It was about understanding what we had, where it was and what those devices were communicating with."
Eventually, last y ..