Vulnerable Endpoints Threaten Supply Chain Cybersecurity

COVID-19 supply chains, essential during the pandemic, face cyber threats every day. Cybercriminals are intent on stealing data for money and disrupting deliveries of medical supplies.

VentureBeat reports on data breach history within the health care and pharmaceutical industries and the need for a coordinated approach across supply chains to improve their cybersecurity.

Cold Chain Attacks

Last year, you may recall that hackers used a spear-phishing email campaign to attack the cold chain delivery of COVID-19 vaccines — disclosed in the IBM Security X-Force research blog.

Endpoint Vulnerabilities

Absolute’s 2021 Endpoint Risk report found that 52% of endpoints have installed three or more endpoint management tools. Organizations need to overcome the tendency to overload endpoints because the more complex their configurations become, the more challenging they are to protect.

Key findings in the Cybersecurity Insider’s 2020 State of Enterprise Security Posture Report include:

• A 64% majority of organizations are lacking confidence in the state of their security posture. This is driven by inadequate visibility.
• 90% of organizations believe that phishing and ransomware are the top threats facing their organization, but only half have sufficient visibility into these challenges.
• 60% of organizations are aware of fewer than 75% of the devices on their network. This lack of asset awareness makes it difficult to improve security posture.
• 80% of organizations provide more access privileges than are necessary for users to do their jobs.
• 17% even say most or all users have too many access privileges.
• Cybersecurity leaders struggle to communicate their security posture to the board and senior management.

Upgrading endpoints for greater visibility, control, and compliance is top-of-mind for health care and pharma manufacturers.

Top 7 Endpoint Security Upgrades:

1. Pharma supply chains need an industry-wide unified endpoint management (UEM) standard to close gaps between suppliers.
2. Zero trust frameworks are foundational cybersecurity to pharma supply chains.
3. Patch management needs to progress beyond inventory management. 
4. Track-and-traceability needs to be digital-first to protect supply chains.
5. Adding greater security to identities is a must-have across the entire pharma supply chain.
6. Health care and pharma supply chains need to make multi-factor authentication (MFA) a requirement of doing business.
7. Privileged access management (PAM) to prevent hackers from obtaining privileged access credentials – a primary goal of hackers.  

The Human Factor

We would be remiss if we did not emphasize the need for cybersecurity awareness training and communication. According to Cybint 95% of cybersecurity breaches are due to human error. Moving from awareness of potential cyber threats to taking action to identify and prevent them requires a change in perspective and behavior. Yes, this could happen to your organization if the entire team is neither trained nor communicating.

Call to Action

The attack and disruption evidence during the pandemic has sparked a call to action that goes beyond health care and pharma:

Innovation around endpoints (such as real-time monitoring of every endpoint and tracking of each device’s configuration and activity) will help to improve supply chain cybersecurity in all industry sectors.

Featured Image (top) by Gerd Altman from Pixabay