With the country on tenterhooks preparing for the imminent roll-out of the COVID-19 vaccines, it was inevitable that contributing organisations would be targeted by cyber criminals. But what typically differentiates these sophisticated nation-state level groups from more amateur organisations, is their taking the attack surface provided to them and their ability to find a way in, even if there are no known vulnerabilities. Externally exposed services and devices are targets that are often desirable as well as the ever-prominent phishing email. For the organisations taking part in distribution of COVID-19 vaccines, leveraging a third party to manage data protection is likely wise. Many government entities and affiliate organisations suffer from a lack of resources that allow them to adequately protect their assets and data. This is not an excuse, but a realisation that needs to be understood so the problem can be appropriately addressed. From a privacy perspective it is apparent that centralisation of data is necessary to achieve a full vaccine roll-out and other solutions to COVID, at least in the near term. If you’re unable to manage the systems and security themselves, outsource this function to a skilled third party. This comes with its own risks but is significantly better than the alternative – a compromised operation with costly implications.  Read Less