This article was originally published on bio-itworld.com.

When it comes to cybersecurity needs and policies, the biotech and pharma industries need to secure and protect their most valuable assets like every other industry. What makes them unique, however, is that while protecting a company’s data is important to any industry, this information (i.e. research) is the biotech or pharma company in question—it’s their lifeblood and is the foundation for everything they do.

This article was originally published on Forbes.com.

Flat networks have become so prevalent because they are typically simple to architect, cheap to construct and easy to operate and maintain. However, it turns out that malicious actors love flat networks, too. That's because once a single host on a flat network has been compromised, the integrity of the rest of the network starts to resemble a house of cards. Once an enterprise is penetrated, the flat network delivers the uninvited and unwelcome guest unfettered network access to scan, identify and target high-value assets. Unfortunately, many organizations fail to mitigate or even fully recognize these risks.

It's that time of year again so I took some time to reflect back on 2018 and what we can expect to ring true in 2019. I've boiled it down to two predictions. The first takes an introspective view into the organizations we're all ultimately tasked with protecting. The second takes an outward-facing view that acknowledges that enterprises are part of a broader business ecosystem, and with that comes upstream and downstream risk. 

In this post, I explain the various factors in calculating the Illumio Vulnerability Exposure Score (VES), which allows organizations to combine industry-standard vulnerability scoring measurements with context from their own unique environment. The VES also helps security professionals prioritize security controls to minimize the exposure of the attack surface and potential impact of vulnerabilities.

This article was originally published on Forbes.com. Read part one of the series here. 

In part one of this two-part series, I talked about the similarities between protecting high-value assets in public spaces in the real world and in the enterprise. This includes the need to understand the value of the assets, how to reduce available pathways to the assets to minimize the potential attack surface and use security controls on the access points.