At J&J, Some 15.5 Billion Potential Cyberattacks Each Day -- Journal Report
June 08 2021 - 4:17PM
Dow Jones News
Covid-19 vaccines have transformed the global economy. The
companies that produce them, meanwhile, already a big target for
hackers, have to be more on their toes than ever.
Marene Allison, chief information security officer at Johnson
& Johnson, oversees the company's efforts to protect its
operations from cybercrime. Ms. Allison spoke about the challenges
J&J faces with Daniela Hernandez, a reporter for The Wall
Street Journal, as part of the WSJ Pro Cybersecurity Executive
Forum. Edited excerpts of their online interview follow.
WSJ: Can you give us a sense of how often cyberattacks have been
happening in your experience at J&J?
MS. ALLISON: We're seeing what I would consider 15.5 billion
incidents a day. Now how many of them become attacks and get
investigated is a much lower number.
Some are as simple as malware that is just knocked out of the
system. We have big data sets. We're bringing in logs and
detections from around the world continually. And then we're
looking at it with machine learning and AI, as well as other
alerts, to know if we have a problem or not. It could be as simple
as a log on a server giving an alert that says something is
happening. It may be nothing.
WSJ: Can you talk more about the sources of the threats?
MS. ALLISON: I bracket them into four main threats. The first
one is on the top of the news: nation-state attacks. Looking at the
countries that are primarily in this field, it's China, Russia,
North Korea and Iran, but many, many others.
Then you have something called a criminal element that over the
last 10 years has increased from very small to very large. What we
see with ransomware today, that's mostly criminal enterprise. They
may be allowed by some countries to operate in those countries, but
it's a criminal enterprise.
Then you have hacktivists: people with a cause, on a mission.
They don't like something a company does, or don't like the stand
of a company. They will go ahead and start campaigns that companies
have to deal with.
And the other is insiders. Everything from a disgruntled
employee, someone who may have gotten notice; but some countries
are actually sending people over, through educational visas, to get
jobs or to work on special programs, so they actually can steal the
data from inside.
WSJ: How do you tackle each individual threat?
MS. ALLISON: For the nation states, the criminal and the
hacktivist, you're pretty much going to use your normal toolset:
the ability to detect malware, spearphishing, code that's inside
your company moving laterally. Also working with third parties from
the outside.
For the insider threat, you may have to work with your global
security organization, your legal department, your HR organizations
and others on policies and procedures, as well as potentially
privacy rules, in different jurisdictions around the globe.
WSJ: When it comes to the vaccine, which is important for the
economy, how often do you communicate with the government on
potential cyber threats to that kind of information, development
information?
MS ALLISON: Under Operation Warp Speed, we did work very closely
with the government. And we were able to have communications, work
with Health and Human Services and the Food and Drug
Administration, very, very closely. My very first call when I found
out that we were doing the vaccine was to Chris Krebs,
[then-]director of the Department of Homeland Security's
Cybersecurity and Infrastructure Security Agency, to start the
conversation.
The other conversations were with my peers that were also
creating the vaccine. I think almost weekly, biweekly, we'd have
conversations and meetings with the security element of what was
then called Operation Warp Speed -- not only cyber but also
physical, conversations about what was happening so that people
would know if people had stolen vaccines, and not just J&J, but
the whole community.
Write to reports@wsj.com
(END) Dow Jones Newswires
June 08, 2021 16:10 ET (20:10 GMT)
Copyright (c) 2021 Dow Jones & Company, Inc.
Johnson and Johnson (NYSE:JNJ)
Historical Stock Chart
From Mar 2024 to Apr 2024
Johnson and Johnson (NYSE:JNJ)
Historical Stock Chart
From Apr 2023 to Apr 2024