Health
Ensuring cybersecurity in the research sector 

By Fabian Sutch-Daggett - World Healthcare Journal

In our current healthcare climate, there has never been a greater need for collaboration, innovation, and cooperation to flow through the research sector. Ensuring that teams can work efficiently to develop new solutions and technology while still maintaining security over data is absolutely imperative.

It is precisely for this reason that cybersecurity at the research level needs to be as strong as possible. Whilst the phrase “cyber-attack” may bring to mind memories of attacks on financial institutions, social media platforms, and governments, the research sector is equally prone to threats from intellectual property theft, espionage, and sabotage attempts.

Talking to James Fleming of the Francis Crick Institute, we examined some of the key issues surrounding protection for biomedical research facilities, why cyber-attacks occur in this sector, and what researchers themselves need to be more aware of.

Ensuring good collaboration and strong protection 

Perhaps the biggest tension point within cybersecurity in medical research surrounds how organisations can continue to promote free, open collaboration between teams and external partners, while still protecting their data from malicious sources.

“Research is at its best when it's collaborative and it transcends institutional boundaries. Institutions are just convenient groups of researchers - and that goes directly against the vast majority of received wisdom on cybersecurity, which is to build a big wall around your institute and everything in it,” says James.

“This issue is true of any organisation, but it's especially in the academic space where you're constantly trying to juggle how to not inhibit collaboration, but to enable it. ” 

Due to the nature of the way research - especially cutting-edge research - is conducted, it is therefore far harder to balance enabling interconnectivity between scientific institutions while also ensuring that cybersecurity is well-managed, in comparison to, say, a bank or a legal firm, where it is far simpler to build virtual walls.

“You're dealing with a group of people who will not be constrained in the way they want to work - nor should they. That's how best science happens,” says James.

The threat to research - high or low risk?

Scientific research is suddenly becoming one of the immediate fields of interest to cyber criminals, particuarly with the urgent global need for a coronavirus vaccine. This is why it is all the more necessary for researchers and all those who work in the sector to be extra vigilant when it comes to ensuring that their systems are secure.

“The nature of the risks in research are quite different. If I run a corporation, my first thought is probably going to be around by my IPR. If I’m in charge of a bank, all of my money is basically data,” says James.

“In an academic environment, many are committed to open access, because they want to share their data and be transparent about it. The idea is to be as accessible to all as you can possibly make it. ” 

As such, due to the different risk which is posed to research organisations, the necessary approach to cybersecurity leans away from the classical approach of building the highest “wall” possible, but instead around understanding patterns of behaviour, and noticing deviances from regular operations to potential breaches.

“You need to make sure you’ve got multiple lines of defence and multiple lines of assurance. It's an issue of monitoring potential threats rather than repelling them,” says James.

Recommendations for organisations to maintain strong security 

But, this is all far easier said than done. It’s simple to tell firms to have strong security, but not hinder collaboration. So the question is, what are the vital steps to building a strong, secure network?

“The first thing to do is to be absolutely rigorous about the services you provide, and how people are using them. A lot of organisations can fool themselves into a false sense of security by thinking that everybody's using the services they work with, so they must be safe,” says James.

“When I first came to the Francis Crick Institute, there were lots of people using free collaboration services which sit completely outside of IT’s remit. But that has to shift. We have to embrace all of them, and bring them under our own control. ” 

Third-party collaboration and efficiency tools are used more today than at any other time - especially with the impact of the coronavirus pandemic on working from home. But, by ensuring that these tools are managed by the organisation, and monitored accordingly, they can continue to be a help, not a hindrance.

“Once you've set the boundaries of what you want to control, the next place is understanding what normal looks like - and placing appropriate monitoring over the top of that,” says James.

“Every organisation has a very different definition of good or normal. You’ve got to understand what normal looks like, and you can progress from there. ” 

In among both of those factors, organisations have to decide how to provide the right level of risk control and assurance - and make sure that they protect what truly matters to them.

“In a research context for us, it is about the certainty, immutability, and recovery of our data, and making sure that it is very much under control,” says James.

“You must always work on the basis of bad things will happen, and how you can recover from them - which is much safer than trying to ensure bad things will never happen. ”


#whjnews #whjfeature #whjdigital #whjclinicalservices #whjhealthsystemsdevelopment #whjfabiansutch #coronavirus