COVID-19 cases are on the rise in the United States, and many people are experiencing “COVID fatigue” and starting to let their guard down due to the duration of the pandemic. Meanwhile, criminal actors are focused on disrupting, corrupting or otherwise creating crises for the country’s COVID response supply chain. In October, the federal government announced that there is credible information of an “increased and imminent cybercrime threat” to hospitals and healthcare providers in the United States.
The COVID response supply chain extends beyond hospitals and healthcare providers and includes banks, PPE manufacturers and distributors, vaccine manufacturers and distributors, clinical trials, and others. Attacks on the supply chain are considered a national security threat.
Operational security teams at organizations need to be on high alert and take certain precautions to get ahead of the threats. These include, but are not limited to:
- Monitoring SIEM environments, firewalls and VPN traffic
- Strengthening passwords to resist password-spraying and brute-force attacks
- Creating backups and completing restoration activities
- Patching and maintaining anti-virus software
With so many distractions, including those that arise from remote work, and the fact that end users are often targeted, organizations also need to train employees and anyone with access to their network to slow down and watch for scams. All it takes is one wrong click in a phishing email for an entire supply chain to be exposed. Most employees want to do the right thing, and consistent, ongoing cybersecurity awareness training with regular and varied testing can go a long way in preventing breaches.
It’s equally important for organizations to establish reporting procedures for employees who see suspicious activity or believe they have been a victim of a cyberattack. Sending the information through the right channels as soon as possible ensures the established mitigation strategy can be employed quickly and effectively.
Finally, security incident response plans should be prepared and ready to go. Security incident response plans are sets of instructions that help organizations detect, respond to, and recover from network security incidents. Having a plan and a dedicated and practiced security incident response team helps organizations recover from breaches as quickly as possible. Organizations should also have a business continuity plan in place. Business continuity planning involves the prevention of, and recovery from, potential threats to a company and helps ensure that all personnel and assets are well protected and can be recovered in the event of a disaster or attack. A solid business continuity plan should include arrangements that help maintain a continuous supply of critical products and services and that allow a business to recover its data, assets and facility. The plan should also identify resources that support business continuity, such as information, equipment and legal counsel.
The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Department of Health and Human Services (HHS) have released a joint cybersecurity advisory with more detailed information about the credible threat. The advisory references their joint Ransomware Guide, which includes best practices to prevent, protect against and/or respond to an attack.
Hartman’s cybersecurity experts work with organizations to recognize, manage and prevent security threats, thereby safeguarding your valuable information assets. Contact us to learn more and discuss how we can help you strengthen your security position and avoid COVID fatigue.