• Advertise
  • Contact Us
  • About Us
  • Supplier Directory
  • SCB YouTube
  • Login
  • Subscribe
  • Logout
  • My Profile
  • LOGISTICS
    • Air Cargo
    • All Logistics
    • Express/Small Shipments
    • Facility Location Planning
    • Freight Forwarding/Customs Brokerage
    • Global Gateways
    • Global Logistics
    • Last Mile Delivery
    • Logistics Outsourcing
    • LTL/Truckload Services
    • Ocean Transportation
    • Rail & Intermodal
    • Reverse Logistics
    • Service Parts Management
    • Transportation & Distribution
  • TECHNOLOGY
    • All Technology
    • Artificial Intelligence
    • Cloud & On-Demand Systems
    • Data Management (Big Data/IoT/Blockchain)
    • ERP & Enterprise Systems
    • Forecasting & Demand Planning
    • Global Trade Management
    • Inventory Planning/ Optimization
    • Product Lifecycle Management
    • Sales & Operations Planning
    • SC Finance & Revenue Management
    • SC Planning & Optimization
    • Sourcing/Procurement/SRM
    • Supply Chain Visibility
    • Transportation Management
  • GENERAL SCM
    • Business Strategy Alignment
    • Education & Professional Development
    • Global Supply Chain Management
    • Global Trade & Economics
    • HR & Labor Management
    • Quality & Metrics
    • Regulation & Compliance
    • SC Security & Risk Mgmt
    • Supply Chains in Crisis
    • Sustainability & Corporate Social Responsibility
  • WAREHOUSING
    • All Warehouse Services
    • Conveyors & Sortation
    • Lift Trucks & AGVs
    • Order Fulfillment
    • Packaging
    • RFID, Barcode, Mobility & Voice
    • Robotics
    • Warehouse Management Systems
  • INDUSTRIES
    • Aerospace & Defense
    • Apparel
    • Automotive
    • Chemicals & Energy
    • Consumer Packaged Goods
    • E-Commerce/Omni-Channel
    • Food & Beverage
    • Healthcare
    • High-Tech/Electronics
    • Industrial Manufacturing
    • Pharmaceutical/Biotech
    • Retail
  • THINK TANK
  • WEBINARS
    • On-Demand Webinars
    • Upcoming Webinars
    • Webinar Library
  • PODCASTS
  • VIDEOS
  • WHITEPAPERS
Home » Blogs » Think Tank » For Cybercriminals, COVID Is the Gift That Keeps Giving

Think Tank
Think Tank RSS FeedRSS

For Cybercriminals, COVID Is the Gift That Keeps Giving

Health and Safety
Photo: Bloomberg
March 11, 2021
Nadir Merchant, SCB Contributor

COVID-19 is the gift that keeps on giving — to cybercriminals.

First, the shift to remote work opened millions of new entry points to company systems, via unsecured home networks and personal devices. Now, as vaccine distribution picks up in the U.S., cybercriminals are disrupting the vaccine supply chain.

Some attacks may be forms of state-sponsored espionage to steal sensitive data from research institutions and pharmaceutical companies. But the majority of these cyberattacks are for the same reason as usual: profit.

In recent weeks we’ve seen a significant uptick in ransomware attacks in the transportation and cold storage sectors. Hackers are going after companies involved in the supply-chain process, such as producers of dry ice.

It's critical for all components of the vaccine supply chain, from pharmaceuticals to logistics, to protect themselves against cybercrime. Organizations need to invest in the proper security measures now, or risk the vaccine's safe delivery, the cost of ransomware and their brand reputations.

Threats to the COVID-19 Vaccine Cold Chain

With supply chains under intense pressure to deliver vaccine doses, cybercriminals have the opportunity to score big payouts. And these hacks are part of a larger trend: Supply-chain cyberattacks surged 430% in the past year.

The top security threat of 2020 was phishing attacks. Phishing has increased more than 600% since COVID-19 began, largely because it’s a cheap, easy and effective way for hackers to gain access to an organization’s data.

Phishing has been the biggest threat to the vaccine cold chain as well. IBM recently discovered a series of phishing attacks targeting those involved in vaccination storage and transport. Cybercriminals targeting the supply chain know that victims are more likely to pay the ransom if they need to get a sensitive product to market on time and in good condition.

As of February, 2021, the U.S. had administered 63.1 million doses of the vaccine, according to Bloomberg’s tracker. That’s a small fraction of the volume we can expect to see in the coming months. The U.S. has spent billions to secure hundreds of millions of doses from Moderna and Pfizer, expected to arrive through June and July.

With the supply chain already strained to deliver the current volume of vaccine doses, organizations need to invest in proper security efforts to minimize further disruption and scale effectively.

Three Ways to Strengthen Security

Organizations in the vaccine supply chain should implement the following measures to protect themselves against phishing and ransomware attacks:

Automated e-mail phishing defense solutions. These use machine learning to prevent malicious e-mails from reaching inboxes across an entire network. They can also alert recipients to messages that look suspicious or quarantine emails for I.T. teams to investigate.

These technologies can protect against both phishing and spear phishing, which is a targeted form of phishing that includes more personalized phrasing and calls to action. In one example IBM uncovered in its investigation, hackers sent e-mails impersonating executives at Haier Biomedical (a legitimate participant in the vaccine distribution chain). The e-mails contained requests to place an order with the recipient’s company, and included an attachment containing malware.

Though automated phishing defense solutions are critical, they are most impactful when combined with regular, effective cybersecurity training. Every employee involved at any level of the supply chain should be able to spot the signs of a phishing e-mail and understand which procedures to take to alert their I.T. team.

Strong identity and access management (IAM). These solutions enhance login security. They enable businesses to control user access to sensitive information, decreasing the risk that stolen credentials will result in access to hackers.

IAM also includes systems such as single sign-on (SSO) and multifactor authentication (MFA), providing the ability to securely store identity and profile data. SSO enables users to sign on once to access all their working web applications, and is often integrated with MFA to verify identity beyond a username and password. These tools can apply to cloud applications, desktop logins, VPNs and more.

Both IBM and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) discovered attacks intended to steal the network login credentials of corporate executives at companies involved in the COVID-19 supply chain. IAM makes it more difficult for cybercriminals to use a phished password or engage in credential stuffing, and can alert I.T. of suspicious login activity.

Given that 29% of security breaches involve stolen credentials, IAM is a critical component of any security framework. Additionally, you’ll need to educate employees on password hygiene to prevent the use of duplicate or simple passwords.

Frequently tested data backup and recovery software. A multilayered data backup strategy is an important fail-safe in the event of a successful cyberattack. Robust backup solutions protect data and can restore it quickly, reducing possible downtime. An automated data backup strategy is the safest and easiest approach, mitigating the risk of human error. Back up your data every 24 hours for optimal protection, or once a week at a minimum.

Ransomware attacks can infect backups as well, so it's recommended you follow the 3-2-1 rule: three copies of your data, on two different types of media, and one version stored off-site. This might sound obvious, but it’s vital to test your data backups. Too often, organizations only realize their backup solution doesn’t work after they need to recover their files.

An intelligent backup system that employs predictive analytics and machine learning technology can also detect the presence of anomalies and conditions typical of ransomware attacks. The system can then alert administrators of abnormal fluctuations so that your organization can respond quickly and restore to the most recent secure backup.

Security is integral to our nation's recovery. The health of our people and economy depends on the safe and efficient distribution of COVID-19 vaccinations. Organizations involved in the vaccine supply chain need to adopt strong cybersecurity approaches that include multilayered protection against threats like phishing and ransomware. Adopting these security measures offers protection from immediate threats targeting the vaccine supply chain, and sets up your organization for a more secure future.

Nadir Merchant is general manager of IT Glue, a Kaseya company.

Technology Supply Chain Security & Risk Mgmt

RELATED CONTENT

RELATED VIDEOS

Subscribe to our Daily Newsletter!

Timely, incisive articles delivered directly to your inbox.

Popular Stories

  • A HAND HOLDS A CELL PHONE IN FRONT OF A LAPTOP. A FLOATING QR CODE CAN BE SEEN BETWEEN THE PHONE AND LAPTOP.

    The Mysterious Case of the Disappearing QR Code

    Data Management (Big Data/IoT/Blockchain)
  • A WORKER IN COLD WEATHER GEAR WRITES ON A CLIPBOARD IN A WAREHOUSE

    Automating the Cold-Chain Warehouse

    Business Strategy Alignment
  • Multiple cars are being put together by robotic arms on an assembly line inside of a factory. Photo: iStock.com/Traimak_Ivan

    Podcast | Will an Investment ‘Supercycle’ Spark the Revival of American Manufacturing?

    Sourcing/Procurement/SRM
  • A LOOKING-DOWN VIEW OF AN OPEN PIT RARE EARTH ELEMENTS MINE

    U.S. Weighing Record $1B Loan for Massive Lithium Mine in Nevada

    Education & Professional Development
  • A PAIR OF HANDS IS HOLDING A TRANSLUCENT 3D RENDERING OF A GLOBE WITH SUSTAINABILITY SYMBOLS SURROUNDING IT IN FRONT OF A GREEN BACKGROUND.

    Finding ROI in Sustainability

    Data Management (Big Data/IoT/Blockchain)

Digital Edition

Scb august 2023 lg

2023 100 Great Supply Chain Partners

VIEW THE LATEST ISSUE

Case Studies

  • JLL Finds Perfect Warehouse Location, Leading to $15M Grant for Startup

  • Robots Speed Fulfillment to Help Apparel Company Scale for Growth

  • New Revenue for Cloud-Based TMS that Embeds Orderful’s Modern EDI Platform

  • Convenience Store Client Maximizes Profit and Improves Customer Service

  • A Digitally Native Footwear Brand Finds Rapid Fulfillment

Visit Our Sponsors

Antuit Zebra Anvyl AutoStore
BEUMER Group Blue Ridge Global Brother
CHEP Cleo Coenterprise
Data Capture E2open Enveyo
Eva Air ForwardX Robotics Frayt
GAINSystems Generix Geodis
GEP Global Supply Chain Marketing Summit GreyOrange
Here Holman Logistics Infor
Inmar Kinaxis Lexis Nexis
Locus Robotics Logility LogistiVIEW
Lucas Systems MCA Connect MPO
Old Dominion OneRail Overhaul
PartnerLinQ (Visionet) Port of Virginia Ryder E-commerce by Whiplash
Saddle Creek Logistics SAP Shyft
Sourcemap SPS Commerce Tecsys
TGW Systems Thomson Reuters Veho
Verusen Walmart Workshop
  • More From SCB
    • Featured Content
    • Video Library
    • Think Tank Blog
    • SupplyChainBrain Podcast
    • Whitepapers
    • On-Demand Webinars
    • Upcoming Webinars
  • Digital Offerings
    • Digital Issue
    • Subscribe
    • Manage Your Subscription
    • Newsletters
  • Resources
    • Events Calendar
    • SCB's Great Supply Chain Partners
    • Supplier Directory
    • Case Study Showcase
    • Supply Chain Innovation Awards
    • 100 Great Partners Form
  • SCB Corporate
    • Advertise on SCB.COM
    • About Us
    • Privacy Policy
    • Contact Us
    • Data Sharing Opt-Out

All content copyright ©2023 Keller International Publishing Corp All rights reserved. No reproduction, transmission or display is permitted without the written permissions of Keller International Publishing Corp

Design, CMS, Hosting & Web Development :: ePublishing