It would not be an exaggeration to say that COVID-19 vaccines are the most sought-after commodity today. Vaccine producers are working overtime to produce enough vaccine doses to fulfill government commitments and timelines. While pharmaceutical companies stepped up their production schedules to develop and test vaccines, adversaries tracked the news and devised campaigns to leverage the momentum generated by news coverage. They capitalize on the fear, uncertainty, and doubt (FUD) of people to spread misinformation and to plan attack vectors. Fake websites are purporting to offer (mis)information about vaccine distribution. There are attacks on vaccine supply chains and networks of pharma companies too.
These attacks on pharma companies stem from mixed motivations. Some adversaries launch cyberattacks for financial gain – to steal and sell vaccine-related information or clinical trial data – while others aim to disrupt vaccine production.
The Cover Story of the April 2021 issue of CISO MAG focuses on the types of attack vectors on pharma companies and consumers. Security experts from various organizations offer solid evidence and testimonials – with advice to contain these attacks.
In the Under the Spotlight section, we interviewed Heath Renfrow, CISO of Conversant Group and former CISO of United States Army Healthcare, who stressed that sabotage of the vaccine, either through propaganda or manipulation, is his biggest concern.
In our Insight section, Samantha Humphries, Head of EMEA Marketing & Security Strategy, Exabeam, pens her thoughts on protecting the COVID-19 vaccine supply chain from phishing attacks. She recalls the cyber-espionage attempt focused on the international vaccine supply chain that was leveled as a precisely targeted phishing campaign against the companies involved in the “cold chain” used for preserving and controlling the strict storage temperatures of Pfizer’s COVID-19 vaccine in transit.
Moving ahead, the Buzz section of the issue details the cyberattack against the Indian Power Sector by the Chinese hacking group, RedEcho. The article also offers expert opinions from some of the industry leaders including Dick Wilkinson, CTO, New Mexico Judicial Information Division; Stan Mierzwa, M.S., CISSP, Director and Lecturer, Center for Cybersecurity, Kean University; and Tari Schreider, C|CISO, CRISC, ITILf, MCRP – Senior Analyst, Aite Group.
In our Table Talk Section, John Fokker, Head of Cyber Investigations and Principal Engineer, McAfee, discloses some of the unknown facts about the infamous Babuk Ransomware.
The Knowledge Hub section highlights the responsibilities of a CISO, post-COVID-19. It stresses several CISO powers, such as securing remote employees, averting social media threats, and managing third-party risks, among others.
Our Campus Corner section talks about EC-Council CodeRed and how the learning platform is tackling the cybersecurity skills gap through commitment, collaboration, and most importantly, change. CodeRed has been made available to students and faculty via EC-Council Academia. Students have access to the latest and most relevant cybersecurity courses developed by world-leading practitioners.
Lastly, in our Kickstarter section, we profile ByteChek, founded by AJ Yawn and Jeff Cook. ByteChek has introduced a cloud-based SaaS solution to automate IT audits and streamline cybersecurity reporting. This platform fits well for companies of all sizes. The ByteChek platform provides a stable security program, automates cybersecurity readiness assessments, and completes SOC 2 audits faster, and the best part – it does all of this from a single platform.
About CISO MAG
CISO MAG – a thought-leadership publication from EC-Council, provides vital stories, trends, interviews, and news from around the security world to help security leaders stay informed. The magazine includes comprehensive analysis, cutting-edge features, and contributions from thought leaders.
EC-Council, officially incorporated as the International Council of E-Commerce Consultants, was formed to create information security training and certification programs to help the very community our connected economy would rely on to save them from a devastating cyberattack. EC-Council rapidly gained the support of top researchers and subject matter experts around the world and launched its first Information Security Program, the Certified Ethical Hacker. With this ever-growing team of subject matter experts and InfoSec researchers, EC-Council continued to build various standards, certifications, and training programs in the electronic commerce and information security space, becoming the largest cybersecurity certification body in the world. Learn more at https://www.eccouncil.org.