As the country prepares for the long-awaited and much anticipated COVID-19 vaccine, the news of an attempted hacking campaign targeting crucial organisations within the vaccine ‘cold supply’ chain network is worrying to say the least.
Although it is not clear whether the sophisticated phishing campaign was successful, these reports serve as an important reminder of the integral role that a secure network with a dedicated team of specialists can play in ensuring the execution of this roll-out in the fight against COVID-19.
With the country on tenterhooks preparing for the imminent roll-out of the COVID-19 vaccines, it was inevitable that contributing organisations would be targeted by cyber criminals. But what typically differentiates these sophisticated nation-state level groups from more amateur organisations, is their taking the attack surface provided to them and their ability to find a way in, even if there are no known vulnerabilities. Externally exposed services and devices are targets that are often desirable as well as the ever-prominent phishing email.
For the organisations taking part in distribution of COVID-19 vaccines, leveraging a third party to manage data protection is likely wise. Many government entities and affiliate organisations suffer from a lack of resources that allow them to adequately protect their assets and data. This is not an excuse, but a realisation that needs to be understood so the problem can be appropriately addressed.
From a privacy perspective it is apparent that centralisation of data is necessary to achieve a full vaccine roll-out and other solutions to COVID, at least in the near term. If you’re unable to manage the systems and security themselves, outsource this function to a skilled third party. This comes with its own risks but is significantly better than the alternative – a compromised operation with costly implications.