Cybersecurity is everyone's responsibility
"Resilience is the capacity to recover quickly from difficulties. This should be the essence of your cybersecurity strategy"
-Stephane Nappo, 2018 CISO of the year
A look at today's cybersecurity challenges
As you know, cybersecurity teams need to keep track of a myriad of things, including:
legacy debt
technology debt
dependency relationships
evolution of technology
doing more with less (smaller budget, fewer resources and tools)
medical devices that are always, periodically, or accidentally connected to the internet (Internet of Things (IoT))
last-minute priorities
unscheduled downtime
product evolution
zero-day vulnerabilities
auditability
constantly evolving cybersecurity threats, which necessitate a paradigm shift from putting cybersecurity responsibility on customers to ensuring security on the MDM side
issues getting the proper information from vendors to identify vulnerabilities and assess risk
This list is not exhaustive and is constantly growing. It's not something that your team can handle without everyone's cooperation and collaboration in identifying cybersecurity risk.
Narrowing down to medical device cybersecurity
There are many nuances of medical device cybersecurity that your team needs to handle, including (but not limited to):
Development (Software Development Lifecycle (SDLC))
Shadow IT
Connected devices
Encryption of device communication to ensure data integrity and privacy
Data protection
Patient safety
Everyone needs to worry about cybersecurity
"Resilience is how we go on the offensive in Information Security."
-Leigh McMullen, Gartner
To ingrain cybersecurity into your company culture, here are some suggestions:
Teach people about security and how to identify security concerns. Make them comfortable talking about security.
Ensure that everyone understands that they are each a stakeholder in protecting your company from cyber attacks.
Hold people accountable for identifying cybersecurity concerns. Empower them to take quick action to resolve problems.
Provide clear paths for people to escalate and de-escalate cybersecurity concerns.
Institute a practice of continual risk assessment and management.