With the pandemic entering its second year, humankind needs everything to go right with the deployment of vaccines to help us limit the damage COVID-19 continues to inflict on our collective lives. The last thing that the world needs is cybercriminals derailing these efforts with their relentless pursuit of monetizing attacks on healthcare targets. However, if attackers are set on delaying our pursuit of life-saving treatments to enrich themselves, make no mistake: that is precisely what they are willing to do.
Here is just a sampling of the disturbing stories that have been recently reported:
- Criminals masqueraded as recruiters on WhatsApp and LinkedIn, sending spear-phishing emails to employees of vaccine developer AstraZeneca. The emails arrived in the guise of job offers and were laden with malicious attachments that provided access to the target’s computer.
- A cyber-attack on European Medicines Agency (EMA) led to a leak of illicitly accessed information related to COVID-19 medicines and vaccines belonging to third parties.
- Widespread attacks have been directed at the vaccine supply chain, looking to take advantage of everything from trucking, rail, cold storage providers, and manufacturers of dry ice and solar panels that power vaccine storage trailers.
The reasons for these cyberattacks typically have one predominant motive: financial gain. Criminals are acutely aware that there is an unprecedented urgency to administer millions of vaccine doses. If a company is struck by a cybercriminal, it may be all too willing to dispense with methodical recovery procedures (e.g., restoration from backups), and instead pay a sizable ransom to the attackers so that it can, in theory, quickly reverse the attack. Knowing this is the likely outcome, cyber assaults on the healthcare sector continue to surge in both frequency and sophistication, disrupting our race to stem the tide of the pandemic.
So, what is the best medicine for preventing cyberattacks? There are a number of tactics you can take to help your business fortify its defenses against attacks, including:
• Cybersecurity Assessments
o If you don’t know what data you have or how well it is being defended, it is difficult to protect your business. Cybersecurity assessments help businesses identify and protect the most critical systems and data, recognize and prioritize gaps, and build a roadmap to a safer and more secure environment.
• Security Awareness Training and Spear-Phishing Simulations
o Since the genesis of over 90% of data breaches is a spear-phishing attack, it is imperative to train employees to identify and avoid this threat. Cybersecurity awareness training and spear-phishing simulations can help you to avoid these deceptive social engineering attacks.
• Penetration Testing
o A misconfigured network device or unpatched operating system can open the door for cyber criminals to enter your business. Enlisting a vulnerability management expert to act as a “simulated bad guy” and conduct internal and external penetration testing will help you identify and address any vulnerabilities.
Citrin Cooperman’s Technology, Risk Advisory, and Cybersecurity (TRAC) practice offers integrated services in the areas of risk, technology, and compliance, so our clients can focus on what counts – their business.
Citrin Cooperman is a nationally recognized, full-service CPA firm, currently ranked in the U.S. top 25. The firm offers assurance, tax, and business advisory services to help clients remain competitive in today’s market.
Kevin Ricci is a Principal in Citrin Cooperman’s Providence office. As part of the firm’s TRAC practice, Kevin offers clients specialized technology expertise and cybersecurity solutions, including consulting, IT risk assessments, cybersecurity awareness training, project management, database development, data analysis, and data compliance services. To help maintain healthy cybersecurity, consider setting up a meeting to discuss how Citrin Cooperman can help protect your business. Kricci@citrincooperman.com
500 Exchange Street, Suite 9-100 | Providence, RI 02903 | 401-421-4800 | citrincooperman.com