This month, the FBI and the Computer Security Institute (CSI) released the results of their most recent annual Computer Crime and Security Survey. And some of the findings should cause life science companies to re-examine their security procedures, software, and systems to make sure new threats are not hazardous to their organization's well being.
For instance, 47 percent of the 616 respondents said their organization had experienced laptop thefts within the last 12 months. This phenomenon is on the rise. For example, an April article in the San Francisco Chronicle noted that the number of laptops stolen in the city had nearly tripled from 2004 to last year and that thieves increasingly are staking out coffee shops to steal laptops when customers were distracted or stepped away from their table.
Naturally, the consequences of a stolen laptop vary greatly depending on the data stored on it. If clinical trial data containing patient information is on a stolen laptop, that represents HIPAA compliance problems. And if a researcher's laptop is stolen, that could result in the loss of intellectual property.
Even if data is stored safely within an organization, it's still not safe. The survey found that 32 percent of respondents said there was unauthorized access of data within their organization. Again, there are potential intellectual property loss and HIPAA compliance implications with such security breaches.
While there is no single (or simple) solution to safeguard all data, there is increased discussion by security industry experts that data on laptops and important company data on internal storage systems should be encrypted.
This might explain EMC's announcement in late June of an agreement to acquire encryption pioneer RSA Security for just under $2.1 billion.