The COVID-19 vaccine supply chain is not spared the financially or politically motivated attacks; in fact, it will be targeted more than ever.

The largest global vaccination exercise is currently underway, with organizations worldwide deploying technologies – such as IoT, cloud computing and intelligent supply chain management – to track the entire process from manufacture to the point of administration. 

As the vaccine supply chain becomes increasingly digitalized, securing it becomes more challenging — more potential attack surfaces are exposed, and a growing amount of valuable data is amassed.

Vaccine-related phishing attacks rose by 530% from December 2020 to February 2021, according to the latest research by Unit 42. With threat actors already targeting vaccine manufacturers and distributors, how can we better protect this vital supply chain that is so crucial to saving lives and avoid devastating disruptions? 

CybersecAsia discussed the challenges, trends, and steps healthcare and pharmaceutical organizations can take to mitigate the risks and losses with Ian Lim, Field Chief Security Officer, Asia Pacific, Palo Alto Networks.

What are some cybersecurity risks that have emerged in today’s highly digitalized global supply chain?

Lim: As global supply chains today become increasingly connected and highly digitalized, they have become a principal attack vector for cybercriminals seeking to take advantage of the associated vulnerabilities. This places every single player in the supply chain at greater risk due to the wider attack surface.

Other businesses that rely and work with these supply chain companies, such as retailers and payment providers, could also be potentially implicated. The entire supply chain will be at risk as long as there is a single weak point that can be exploited as an entryway.

Software supply chain attacks are particularly pernicious because they violate the basic trust between software provider and consumer, with hackers evading traditional defenses to jeopardize software and delivery processes. As a result, companies using the corrupted software can find themselves victims to ransomware attacks, proprietary information theft, and commercial sabotage.

Over the years, Palo Alto Networks has observed several cases of software supply chain attacks. More recently, the attack on SolarWinds Orion software left up to 18,000 organizations vulnerable, with evidence pointing to how the attackers were trying to gain widespread, persistent access to a number of critical networks within the US government.

Are there complications that may be magnified as a result of the COVID-19 vaccine’s specific handling needs?

Lim: The COVID-19 vaccine has presented new challenges for supply chain operators, primarily due to the storage conditions of certain vaccines, as well as the scale and urgency of the vaccination rollout.

Faced with immense pressure to fulfil massive demand, vaccine providers are challenged logistically as they have to manufacture and deliver large amounts of the vaccine within a short timeframe. 

Possible complications that may arise include skimping out on security checks and lapses in cybersecurity best practices.

In addition, the temperature-sensitive vaccines have to be transported via a cold chain to ensure their efficacy. Logistics companies that are responsible for delivering the vaccines may rely on IoT tracking devices to regulate temperatures in real-time and ensure that the vaccines arrive safely.

These IoT devices could also potentially be used as an entryway for a supply chain attack, if cybercriminals manage to get their hands on a piece of hardware that has been implanted or modified to change the devices’ behavior.