Recent spectacular supply-chain attacks show an urgent need for vaccine programs to be protected by AI, argues this AI-cybersecurity solutions expert.
Over the past year, Singapore’s healthcare sector has become a primary target for threat actors, and the country’s race against time to vaccinate its population against the coronavirus is at risk from an extra: cyberattacks.
Barely two years ago, the nation had experienced the “most serious breach of personal data“’in its history when the records of 1.5 million SingHealth patients were accessed and copied—including names, NRIC numbers, addresses, and dates of birth. The SingHealth cluster that fell victim to the attack comprised over 30,000 employees, and was rolling up to 500 ongoing IT projects. Yet the organization had only one designated CISO to oversee its security portfolio.
That cyber incident was a stark warning that healthcare organizations are prime targets for attackers, and it also highlighted the shortfalls of under-resourced security teams, reflecting a growing skills gap across the Asia Pacific region.
Yet, the growing challenge of cyber defence simply cannot be met by throwing more humans at the problem. Today’s cyberattacks are stealthier than ever, and as organizations continue to develop, and systems become ever more complex, the threat is not just the fast-moving, aggressive threats that strike at machine-speed, it is also the silent, stealthy threats that blend into the background waiting to strike.
Across the world, we have seen a steady crescendo of supply-chain compromises and instances of adversaries lying low, undetected in systems for months on end. Attacking the ‘soft underbelly’ of an organization via a supply chain is often easier than going after the core target. We have seen how effective this method is, following recent high-profile attacks against SolarWinds, Centreon software, SingTel, and Singapore Airlines.
As strong as the weakest link
Hackers know that extensive and time-sensitive vaccine rollout programs and the healthcare institutions involved are prime targets for attack; vaccine supply chains are a complex web of interlocking physical and digital components across manufacturing, shipping, and distribution, meaning thousands of potential attack vectors could be exploited by cyber adversaries.
We have already seen state-sponsored attackers targeting COVID-19 supply chains. In September last year, organizations across six countries were sent malicious emails purporting to be from Haier Biomedica, a member company of the Cold Chain Equipment Optimization Platform (CCEOP) needed to keep vaccines at the low temperatures necessary for storage.
Despite the complex network these cold chains operate in, the point of entry was simple: a phishing email. The malicious emails, which appeared genuine, came with requests to participate in the CCEOP and contained attachments that displayed requests for security credentials under the guise of encrypted files.
Other CEEOP members, including global organizations headquartered in South Korea and Taiwan, were targeted by this global phishing campaign thought to be the work of nation-state actors.
With downtime not an option, healthcare leaders must acknowledge a new reality where the question is not if, but when vaccine supply chains will be targeted, and indeed, whether an attacker could already be inside their systems. In addition, organizations must hold their suppliers to the highest standards, and ensure that cyber security is top-of-mind for company boards, regulators, and security teams alike.
Supply chain attacks are virtually impossible to detect with standard security tools and procedures, because they appear genuine: malicious software is often packaged as legitimate; and emails that appear in company inboxes can appear to be from trusted suppliers. The problem that must be tackled is not so much how to audit all suppliers, but rather how to manage an attack once it inevitably makes its way inside.
One technology proving useful in this area of cybersecurity is AI-driven intelligence. It can be trained to detect the most subtle of anomalies in critical systems that point toward a supply chain compromise.
Today, organizations with the highest level of cyber maturity are already relying on AI technologies to identify exactly this type of stealthy threats that slip under the radar of traditional tools and stops them as they emerge.
AI has the unique ability to adapt to an organization as it evolves, developing an understanding of ‘normal’ versus ‘malicious’ activity across all digital environments ranging from factory floors to cloud data centers. Critically, AI can respond in real time, before an attack has the chance to cause damage and allowing business operations to continue as usual.
APAC pharmaco-cyber vigilance
In view of the benefits of AI-driven cyber vigilance, the last 12 months of the pandemic have seen APAC healthcare-related organizations adopting the technology.
For example, organizations such as Santen Pharmaceutical rely on AI as a core component of their security stack for “protecting patient data and online systems from hackers seeking financial gain and disruption”, according to a spokesperson. Attackers are becoming increasingly sophisticated, so “we need to fight fire with fire, and AI is crucial in stopping attacks wherever and whenever they emerge.”
Alongside the Republic of Maldives and Bhutan, Singapore is on a race to full vaccination, and efforts continue to gather pace as the program is rolled out to the younger age groups. With the potential for supply chain compromises presenting an existential threat to the national vaccination rollout, healthcare leaders need to consider cutting-edge AI is not only critical against the escalating challenge of cyber threats, but also as a fundamental enabler of national resilience.