How to Protect valuable Intellectual Property and Data on COVID-19 Vaccine

In the wake of the COVID-19 pandemic, the worst affected countries, including the US, India, and UK need to develop enough doses of vaccines to fight their way back to good public health and economic recovery.

Although that's ideal, the SARS-CoV-2 (virus that causes COVID-19) vaccine supply chain is abundant with logistic complexities. The massive valuable intellectual property and data on the numerous vaccines, components, and therapeutics are comparatively comfortable for threat actors to pilfer. Nation-states are already attempting to steal vaccine formulae and develop vaccines.

Everybody in researching, developing, conducting trials, manufacturing, or distributing the vaccine against COVID-19 is a potential target because of the increasing cyberattacks. If one is a player in the highly intertwined network of big pharma, biotech, health and clinical research institutions, contract development and manufacturing organisations (CDMOs), he can make others aware of the potential cyberattacks.

Potential Threats

Nation-state hackers who are persistent, patient, well-funded, and sophisticated can destabilise vaccine development and supply chain using a variety of methods:

• IP theft at research stage
• IP theft and disruption at the trials
• Manufacturing disruptions
• Low vaccine uptake and reputational damage due to disinformation

Fighting the Threats

Most affected organisations are easy to target. For many health research organisations, the extent of potential foreign influence through their international connections is a blind spot. Additionally, manufacturing sites frequently operate outdated, unpatched, or insecurely installed systems. Insecure networks, lack of privilege access management, lack of removable media control, and vendor connectivity further lead to insufficient resiliency.

The ability to fight cyberattacks rests on the strength of the cybersecurity and compliance programs. It may be intimidating to shore up all at once. Here's how a country can safeguard their COVID-19 vaccine formula:

Sharpen Threat Hunting

Drawing an overall picture of the attack surface and recognizing potential attackers, their motives, and their ways of doing things may help prevent an attack. Additionally, hackers can exploit system weaknesses, misconfigurations, and vulnerabilities to get privileged access once they hack a system. Organisations must strengthen personal access management capabilities to include vendor remote access.

Manage Third-party Risks

Vaccine R&D and manufacturing activities rely on any third parties. Cyber-criminals often use organisations with weaker cybersecurity. Assessing the cyber posture of third parties might be helpful.

Scrutinise physical and digital connections to hospitals that have come under ransomware attacks by foreign-based cybercriminals. Ransomware attacks have surged in 2020 in most industries, fuelled by an influx of new ransomware hackers, the expansion of existing affiliate schemes, and the pursuit of higher revenues by experienced cybercriminals.

Segment Network Access

With network segmentation, countries can better isolate an incident, reduce attack surface and prevent propagation of ransomware.

Response Plan

Any organisation researching vaccines, trials, manufacturing, and distribution should have a crisis response and remediation plan. An effective response plan includes followed elements:

Conduct Incident Response Simulations

An organisation can conduct these exercises at the C-suite level, preferably with the board, not just within IT and security groups. It must plan to remediate system and process gaps, with varying approaches for different types of attacks, including phishing, ransomware.

If an organisation doesn't have a crisis centre, it should set up one immediately to monitor and communicate threats, as appropriate to stakeholders, including the board.

Build a Resilience Team

The organisation should think beyond crisis management, disaster recovery, or business continuity planning and build a resilience team. An effective response plan needs a capable leader who can quickly orchestrate the activities of functions scattered throughout the organisation—after picking a leader, assigning roles and responsibilities to people who can resilience playbook is required.

Engage with Law Enforcement and Governmental Agencies

An attack by a nation-state is a national security issue by default, triggering potential association by the Federal Bureau of Investigation, Department of Homeland security, and Cybersecurity and Infrastructure Security Agency. The federal government has a substantial stake in protecting due to its US $11 billion investment in vaccine development through Operation Wrap Speed. Hence, establishing a working relationship with the federal agencies may help enforce the law and retain responsibility for the communication to the customers, investors, and other stakeholders.

The stakes are undoubtedly high. Pharmaceutical and biotech companies are racing to avail the financial and reputational advantage of being first-to-market.

As per the Edelman Trust Barometer spring update, the pharmaceutical industry generated a record high of 73% of interviewees globally, who said they trust the industry. Some countries are likely attempting to steal IP, bring about the disorder, and create a mistrust level. Pharmaceutical companies, the face of the world's way out of the pandemic, need to lead the entire ecosystem to ensure the spring 2020 surge isn't just a trust bubble.