COVID-19 Vaccine Intellectual Property | Cybersecurity Solutions | The Cyber Review

May 7, 2021
Written by Farah

The article below discusses Canada's role in COVID-19 vaccine and intellectual property rights. Will they be loosened to help developing countries? And, how organizations can collaborate with government and employees to tackle cybersecurity as a whole.

Justin Trudeau non-committal on waiving intellectual property rights for COVID-19 vaccines

Prime Minister Justin Trudeau stated that Canada is committed to making COVID-19 vaccines available around the world and will consider waiving intellectual property rights along with vaccine makers to improve that access.

Canada, the U.S. and the European Union have been under pressure from progressive groups and the World Health Organization (WHO) to surrender IP rights as COVID-19 cases mount in some countries. U.S. President Joe Biden said this week his administration would not block efforts to loosen IP protections.

The initial IP waiver proposal included vaccines, treatments, diagnostic kits, ventilators, protective gear and other products needed to battle the pandemic.

Loosening IP protections will be opposed by some of the COVID-19 vaccine makers, who spent billions of dollars on making the vaccine and are expecting a return on their investment.

The current issue Canada is facing is the dispute between Western countries on the IP issue.

Cybersecurity is too big a job for governments or business to handle alone

Since businesses and governments are interconnected and rely on the same network of software vendors, they expose each other to tons of cyber-risks. The recent attack on SolarWinds made it clear that handling cyberattacks is too big a job for either government or business to tackle alone which is why collaboration is needed.

Here are ways business and government can work together:

  1. Share threat intelligence

    Business and government have different sources of information and intelligence which they should pool together so it can help each understand cyber threats better. This type of information sharing is not widely practiced or not consistent due to a lack of reciprocation, hesitancy in disclosing secrets, or exposing potential risks.
  2. Align cybersecurity education with current needs

    There is already a shortage of cybersecurity professionals, but the goal is not only to attract more people in cybersecurity, it's also to ensure that the curriculum enables trainees to keep pace with fast-changing threats. There are many programs that are government funded that offer on the job training in addition to a formal education to get young professionals to gain hand on experience from the beginning.

  3. Sharpen incident-response capabilities

    Organizations need to have effective cybersecurity plans that are well-rehearsed and team members know the steps to take if a cyber attack occurs. They should not just be training workshops, but role plays with the strategy. Focus on more training exercises to be better prepared.
  4. Build security by design

    Human error plays a huge role in a successful cyberattack. This is something we can't completely eliminate as human will make mistakes. But, what we can do is build better security into devices before rushing to bring new products or devices into the market.

Cybersecurity: Don't blame employees, make them feel like part of the solution

Human error in cybersecurity is inevitable, so companies need to focus on cybersecurity strategies instead of blaming employees.  

Amy C. Edmondson is a behavioural scientist at the Leadership and Management at the Harvard Business School, who studies leadership, teaming, and organizational said she believes a lack of psychological safety results in a "blame culture."

Edmondson coined psychological safety and defines it as: "Where blame is not apportioned, but instead every mistake is treated as a learning opportunity, mistakes ultimately improve performance by providing opportunities to find the systemic causes of failure and implement measures for improvement."

Here are ways organizations can involve employees in the security process:

  1. Focus on specific areas of risk
  2. Give real-world examples
  3. Be transparent
  4. Let employees test out training