Industry Leader Reacted On North Korean Hackers Target Six Pharmaceutical Companies Making COVID-19 Vaccines

In relation to the news that North Korean hackers have targeted at least six pharmaceutical companies in the U.S, the U.K., and South Korea working on Covid-19 treatments, including UK-based healthcare company Astra Zeneca, please find commentary from Industry leader.

Experts Comments

December 03, 2020
Egon Rinderer
Global VP of Technology & Federal CTO
Tanium
It was recently reported that North Korean hackers targeted at least six pharmaceutical companies working on COVID-19 vaccines, including Astra Zeneca in the United Kingdom. Given the ongoing health crisis, pharmaceutical companies carry outsized importance in our society today -- their cybersecurity is an international imperative. This is a deeply concerning threat, and similar to the NotPetya attacks of 2017, this should serve as a wake-up call. Though North Korea is a high-profile.....Read More
It was recently reported that North Korean hackers targeted at least six pharmaceutical companies working on COVID-19 vaccines, including Astra Zeneca in the United Kingdom. Given the ongoing health crisis, pharmaceutical companies carry outsized importance in our society today -- their cybersecurity is an international imperative. This is a deeply concerning threat, and similar to the NotPetya attacks of 2017, this should serve as a wake-up call. Though North Korea is a high-profile nation-state attacker, the fact is healthcare and pharmaceutical industries remain uniquely vulnerable to bad actors of all kinds and must work to continually bolster their security. Pharmaceutical companies have extensive intellectual property around drug development efforts and extensive supply chains and technology infrastructure that rely on third parties to bring their products to market. The ironic, perhaps even frustrating, advice is — the “secret” to better security is about executing on the simple fundamentals. Maintain IT hygiene, ensure device compliance, make sure you have visibility into all assets and devices in-house and reported by third parties, deploy patches at scale, educate employees about tactics like spear-phishing, and conduct oversight of your third-party IT service providers.  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.