COVID-19 supply chains have gained the attention of the general public, but also that of cybercriminals. Such bad actors are getting more skilled at finding and exploiting every potential threat surface in these crucial logistics networks.
No one defensive tool will prove adequate to meeting the threats. What is needed is a wide, coordinated approach across supply chains that combines endpoint security, identity and access management (IAM), data-driven patch management, privileged access management (PAM), and zero trust frameworks.
Health care providers are integral to the success of COVID-19 vaccine supply chains globally, yet evidence shows they have the highest industry cost of a breach for 11 years running. That’s according to IBM’s Cost of a Data Breach Report 2021. The average cost of a health care breach increased from $7.13 million in 2020 to $9.23 million in 2021, a 29.5% increase, also according to IBM. Meanwhile, in the pharmaceutical industry, companies’ average cost of a breach is $5.04 million in 2021. Pharma supply chains and highly interconnected health care providers are popular targets for bad actors as their information is among the best-selling on the dark web.
A case study in spear-phishing IBM security researchers discovered orchestrated attacks on COVID-19 supply chains beginning in 2020 and continuing into 2021. A stunning example is the case of Qingdao Haier Biomedical.
Bad actors using spear-phishing campaigns impersonated representatives of Qingdao Haier Biomedical Co., a Chinese-based company and leading provider of equipment to store and deliver materials at cold temperatures. Using precision targeting techniques as the basis of their spear-phishing strategy, the bad actors targeted 12 different personas or roles in companies actively participating in the COVID-19 supply chain. The primary targets of the spear-phishing attacks included the European Commission’s Directorate-General for Taxation and Customs Union.