Covid-19 vaccines have transformed the global economy. The companies that produce them, meanwhile, already a big target for hackers, have to be more on their toes than ever.
Marene Allison, chief information security officer at Johnson & Johnson, oversees the company's efforts to protect its operations from cybercrime. Ms. Allison spoke about the challenges J&J faces with Daniela Hernandez, a reporter for The Wall Street Journal, as part of the WSJ Pro Cybersecurity Executive Forum. Edited excerpts of their online interview follow.
WSJ: Can you give us a sense of how often cyberattacks have been happening in your experience at J&J?
MS. ALLISON: We're seeing what I would consider 15.5 billion incidents a day. Now how many of them become attacks and get investigated is a much lower number.
Some are as simple as malware that is just knocked out of the system. We have big data sets. We're bringing in logs and detections from around the world continually. And then we're looking at it with machine learning and AI, as well as other alerts, to know if we have a problem or not. It could be as simple as a log on a server giving an alert that says something is happening. It may be nothing.
WSJ: Can you talk more about the sources of the threats?
MS. ALLISON: I bracket them into four main threats. The first one is on the top of the news: nation-state attacks. Looking at the countries that are primarily in this field, it's China, Russia, North Korea and Iran, but many, many others.
Then you have something called a criminal element that over the last 10 years has increased from very small to very large. What we see with ransomware today, that's mostly criminal enterprise. They may be allowed by some countries to operate in those countries, but it's a criminal enterprise.
Then you have hacktivists: people with a cause, on a mission. They don't like something a company does, or don't like the stand of a company. They will go ahead and start campaigns that companies have to deal with.
And the other is insiders. Everything from a disgruntled employee, someone who may have gotten notice; but some countries are actually sending people over, through educational visas, to get jobs or to work on special programs, so they actually can steal the data from inside.
WSJ: How do you tackle each individual threat?
MS. ALLISON: For the nation states, the criminal and the hacktivist, you're pretty much going to use your normal toolset: the ability to detect malware, spearphishing, code that's inside your company moving laterally. Also working with third parties from the outside.
For the insider threat, you may have to work with your global security organization, your legal department, your HR organizations and others on policies and procedures, as well as potentially privacy rules, in different jurisdictions around the globe.
WSJ: When it comes to the vaccine, which is important for the economy, how often do you communicate with the government on potential cyber threats to that kind of information, development information?
MS ALLISON: Under Operation Warp Speed, we did work very closely with the government. And we were able to have communications, work with Health and Human Services and the Food and Drug Administration, very, very closely. My very first call when I found out that we were doing the vaccine was to Chris Krebs, [then-]director of the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency, to start the conversation.
The other conversations were with my peers that were also creating the vaccine. I think almost weekly, biweekly, we'd have conversations and meetings with the security element of what was then called Operation Warp Speed -- not only cyber but also physical, conversations about what was happening so that people would know if people had stolen vaccines, and not just J&J, but the whole community.
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.