How can organizations protect themselves and their employees against vaccine-related phishing attacks?
Lim: The primary way is to deploy email phishing defense systems that will rewrite every URL that comes into your employee’s mailbox. This URL rewriting allows malicious links to be detonated in a safe environment. Good phishing defense systems will also leverage AI and Machine Learning to analyze the content, attachment and metadata of the email to determine whether it’s malicious. This will filter out the majority of phishing-related attacks.
The next layer of defense is to focus on implementing comprehensive awareness training to help employees identify fraudulent emails. Cybersecurity is not just the responsibility of the IT department but requires all employees to be well-versed in recognizing, flagging and reporting suspicious activity. Given the sophistication of cyber attacks today, it only takes a compromised link in the system to place the entire supply chain at risk of a cybersecurity attack.
The third layer of defense is to ensure that computing devices are adequately protected with a next-generation endpoint protection platform that has advanced detection and response capabilities. Even better is an endpoint defense that integrates with other security capabilities such as firewalls, threat correlation engines, or SOAR (security orchestration, automation and response). Having a cohesive defense-in-depth posture allows companies to stop attacks early in the kill chain.
More businesses, regardless of industry, have realized that the supply chain is often a significant weak link in their cyber-defenses. What are some of the common challenges they face in maintaining data integrity and privacy?
Lim: One of the most common challenges businesses face is the difficulty in managing the cybersecurity implications of third-party suppliers. Despite an increased reliance on third-party suppliers, most organizations do not have a clear set of cybersecurity guidelines in place for their partners, which places them at a greater risk.
Even if they have the necessary framework in place, an organization can’t always control the security measures taken by all supply chain partners. This issue is further compounded by the sheer volume of suppliers a typical organization exchanges sensitive data with and/or has trusted interfaces to.
Strong supplier management, with a focus on security requirements as well as establishing collaborative relationships to ensure a complete view of suppliers’ security posture, is essential to maintain data integrity and privacy. Organizations are also better served if they have a way of classifying their critical suppliers so they can focus more of their due diligence on consequential partners.
Additionally, larger organizations with a mature cybersecurity department can also create a knowledge-sharing community between their key suppliers to alert them to security exposures or threats in their line of business.
Information-sharing collectives have been effective in some industries, like the FS-ISAC for financial services and the H-ISAC for healthcare companies. Large organizations can push this expertise downstream by encouraging smaller suppliers to take part in sector-specific exchanges.
What are some areas of vulnerability healthcare providers and pharmaceutical companies are exposed to?
Lim: Cybercriminals are leveraging the global pandemic to launch more cyberattacks than ever. From December 2020 to February 2021, Unit 42 observed a 189% increase in phishing attacks relating to and/or targeting pharmacies and hospitals.
Being at the forefront of the pandemic has made healthcare providers and pharmaceutical companies prime targets for cyber-attacks for several reasons.
First, healthcare providers are facing severe resource and manpower constraints while trying to cope with the scale of the pandemic. Second, the greater reliance on medical IoT devices means that there is a broader attack surface for cybercriminals to strike.
Moreover, patient medical information is estimated to be worth as much as 50 times more than personal financial information on the black market. Coupled with the increasingly sophisticated cyberattack methods, it has become extremely challenging for healthcare providers and pharmaceutical companies to protect themselves should their cybersecurity precautions fail to match their pace of digitalization.
How can Asia Pacific organizations in these sectors strengthen their capabilities to protect their intellectual properties and vaccines?
Lim: Organizations can strengthen their defense against cybersecurity threats by adopting a Zero Trust architecture within their organization. Traditional security models have often operated on the assumption that everything inside an organization’s network can be trusted. Recent breaches show us that a trusted piece of software or a compromised credential allowed hackers to infiltrate huge portions of the environment undetected for months.
The common denominator is designing systems based on implicit trust. Rooted in the principle of “never trust, always verify”, the Zero Trust model eliminates the concept of implicit trust from an organization’s network architecture.
The model is designed to protect modern digital environments by providing comprehensive and accurate visibility of managed and unmanaged devices, enforcing identity-based micro segmentation for cloud and on-premise networks, leveraging ML and AI to baseline, correlate and analyze anomalous behavior, and automating security responses immediately to stop active attacks.
Cybersecurity is never just the responsibility of the business leader; employees also play an important role in securing their organization’s system. Privacy breaches often occur due to human error – an employer opening a malicious file by accident or clicking on a phishing URL. These incidents can easily be prevented with cyber literacy training.
By investing in employee learning and development to keep them updated on cybersecurity threats present today, organizations can strengthen security links and minimize potential loopholes that cyber attackers can exploit.
Is there anything to be learnt from other sectors or recent COVID-19-linked cyber-attacks?
Lim: Cyber-attackers today are highly opportunistic and have shown us that, for them, there is no sacred ground. Hospitals have suffered ransomware attacks that hindered them from delivering critical treatments. A city’s water supply infrastructure was recently compromised to poison innocent civilians.
We can be sure that life-saving vaccines will not be spared in the wake of these recent exploits.
With the global COVID-19 inoculation still very much in progress, attacks related to the vaccine – and attacks targeting related industries – will continue to rise as production and distribution continue to scale over the coming months.
As countries look towards reopening and recovery opportunities, healthcare enterprises and organizations will need to remain vigilant and continuously adapt their cybersecurity best practices to deal with constantly evolving threats.