COVID-19 is the gift that keeps on giving — to cybercriminals.
First, the shift to remote work opened millions of new entry points to company systems, via unsecured home networks and personal devices. Now, as vaccine distribution picks up in the U.S., cybercriminals are disrupting the vaccine supply chain.
Some attacks may be forms of state-sponsored espionage to steal sensitive data from research institutions and pharmaceutical companies. But the majority of these cyberattacks are for the same reason as usual: profit.
In recent weeks we’ve seen a significant uptick in ransomware attacks in the transportation and cold storage sectors. Hackers are going after companies involved in the supply-chain process, such as producers of dry ice.
It's critical for all components of the vaccine supply chain, from pharmaceuticals to logistics, to protect themselves against cybercrime. Organizations need to invest in the proper security measures now, or risk the vaccine's safe delivery, the cost of ransomware and their brand reputations.
Threats to the COVID-19 Vaccine Cold Chain
With supply chains under intense pressure to deliver vaccine doses, cybercriminals have the opportunity to score big payouts. And these hacks are part of a larger trend: Supply-chain cyberattacks surged 430% in the past year.
The top security threat of 2020 was phishing attacks. Phishing has increased more than 600% since COVID-19 began, largely because it’s a cheap, easy and effective way for hackers to gain access to an organization’s data.
Phishing has been the biggest threat to the vaccine cold chain as well. IBM recently discovered a series of phishing attacks targeting those involved in vaccination storage and transport. Cybercriminals targeting the supply chain know that victims are more likely to pay the ransom if they need to get a sensitive product to market on time and in good condition.
As of February, 2021, the U.S. had administered 63.1 million doses of the vaccine, according to Bloomberg’s tracker. That’s a small fraction of the volume we can expect to see in the coming months. The U.S. has spent billions to secure hundreds of millions of doses from Moderna and Pfizer, expected to arrive through June and July.
With the supply chain already strained to deliver the current volume of vaccine doses, organizations need to invest in proper security efforts to minimize further disruption and scale effectively.
Three Ways to Strengthen Security
Organizations in the vaccine supply chain should implement the following measures to protect themselves against phishing and ransomware attacks:
Automated e-mail phishing defense solutions. These use machine learning to prevent malicious e-mails from reaching inboxes across an entire network. They can also alert recipients to messages that look suspicious or quarantine emails for I.T. teams to investigate.
These technologies can protect against both phishing and spear phishing, which is a targeted form of phishing that includes more personalized phrasing and calls to action. In one example IBM uncovered in its investigation, hackers sent e-mails impersonating executives at Haier Biomedical (a legitimate participant in the vaccine distribution chain). The e-mails contained requests to place an order with the recipient’s company, and included an attachment containing malware.
Though automated phishing defense solutions are critical, they are most impactful when combined with regular, effective cybersecurity training. Every employee involved at any level of the supply chain should be able to spot the signs of a phishing e-mail and understand which procedures to take to alert their I.T. team.
Strong identity and access management (IAM). These solutions enhance login security. They enable businesses to control user access to sensitive information, decreasing the risk that stolen credentials will result in access to hackers.
IAM also includes systems such as single sign-on (SSO) and multifactor authentication (MFA), providing the ability to securely store identity and profile data. SSO enables users to sign on once to access all their working web applications, and is often integrated with MFA to verify identity beyond a username and password. These tools can apply to cloud applications, desktop logins, VPNs and more.
Both IBM and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) discovered attacks intended to steal the network login credentials of corporate executives at companies involved in the COVID-19 supply chain. IAM makes it more difficult for cybercriminals to use a phished password or engage in credential stuffing, and can alert I.T. of suspicious login activity.
Given that 29% of security breaches involve stolen credentials, IAM is a critical component of any security framework. Additionally, you’ll need to educate employees on password hygiene to prevent the use of duplicate or simple passwords.
Frequently tested data backup and recovery software. A multilayered data backup strategy is an important fail-safe in the event of a successful cyberattack. Robust backup solutions protect data and can restore it quickly, reducing possible downtime. An automated data backup strategy is the safest and easiest approach, mitigating the risk of human error. Back up your data every 24 hours for optimal protection, or once a week at a minimum.
Ransomware attacks can infect backups as well, so it's recommended you follow the 3-2-1 rule: three copies of your data, on two different types of media, and one version stored off-site. This might sound obvious, but it’s vital to test your data backups. Too often, organizations only realize their backup solution doesn’t work after they need to recover their files.
An intelligent backup system that employs predictive analytics and machine learning technology can also detect the presence of anomalies and conditions typical of ransomware attacks. The system can then alert administrators of abnormal fluctuations so that your organization can respond quickly and restore to the most recent secure backup.
Security is integral to our nation's recovery. The health of our people and economy depends on the safe and efficient distribution of COVID-19 vaccinations. Organizations involved in the vaccine supply chain need to adopt strong cybersecurity approaches that include multilayered protection against threats like phishing and ransomware. Adopting these security measures offers protection from immediate threats targeting the vaccine supply chain, and sets up your organization for a more secure future.