Cybersecurity is everyone's responsibility

"Resilience is the capacity to recover quickly from difficulties. This should be the essence of your cybersecurity strategy"

-Stephane Nappo, 2018 CISO of the year

A look at today's cybersecurity challenges

As you know, cybersecurity teams need to keep track of a myriad of things, including:

  • legacy debt

  • technology debt

  • dependency relationships

  • evolution of technology

  • doing more with less (smaller budget, fewer resources and tools)

  • medical devices that are always, periodically, or accidentally connected to the internet (Internet of Things (IoT))

  • last-minute priorities

  • unscheduled downtime

  • product evolution

  • zero-day vulnerabilities

  • auditibility

  • constantly evolving cybersecurity threats which necessitate a paradigm shift from putting cybersecurity responsibility on customers to ensuring security on the MDM side

  • issues getting the proper information from vendors to identify vulnerabilities and assess risk

This list is not exhaustive and is constantly growing. It's not something that your team can handle without everyone's cooperation and collaboration in identifying cybersecurity risk.

Narrowing down to medical device cybersecurity

There are many nuances of medical device cybsecurity that you team needs to handle, including (but not limited to):

  • Development (Software Development Lifeycle (SDLC)

  • Shadow IT

  • Connected devices

  • Encryption of device communication to ensure data integrity and privacy

  • Data protection

  • Patient safety

Everyone needs to worry about cybersecurity

"Resilience is how we go on the offensive in Information Security."

-Leigh McMullen, Gartner

To ingrain cybersecurity into your company culture, here are some suggestions:

  • Teach people about security and how to identify security concerns. Make them comfortable talking about security.

  • Ensure that everyone understands that they are each a stakeholder in protecting your company from cyber attacks

  • Hold people accountable for identifying cybersecurity concerns. Empower them to take quick action to resolve problems

  • Provide clear paths for people to escalate and de-escalate cybersecurity concerns

  • Institute a practice of continual risk assessment and management

Last updated

© Copyright MedCrypt 2023, All rights reserved.