Medical companies working on a COVID-19 vaccine have been offered government-funded cyber security training, in an attempt to thwart hackers from stealing research.
Alex Archondakis, a security consultant at Pentest People (https://www.pentestpeople.com/) comments, “Any medical research data that provides an edge in the international race to obtain a COVID-19 vaccine is like the crown jewels and must be guarded just as carefully. Cyber thieves seeking to steal that data will be well-funded and highly resourced, so it’s not surprising that the UK government is investing in educating researchers to help mitigate the risk.
People tend to focus on cyber criminals taking advantage of technical vulnerabilities. However, as we’ve seen with previous high value hacks, organisations’ security can equally be compromised via spear-phishing, whereby specific employees are exploited. Researchers must be made aware of the types of attacks that hackers will employ, which might include gathering information about them from their social media profiles, observing their daily patterns, trying to gain physical access to labs and calling or emailing pretending to be colleagues or suppliers, in the hope that valuable information will be divulged. Medical research staff need to be provided with regular and on-going security training that helps them to follow security best practice at home, on their mobiles, and on social media, as well as in their normal working environment.”
For more information, please visit https://www.pentestpeople.com