Putting Cybersecurity Into Practice: where to start | Agoria

Published on 04/08/21 by Nele Laus
In the past decade, the healthcare sector saw many new technologies such as tele-medicine, e-pharmacy, home healthcare and so many others. These technologies bring healthcare services directly to the patients, allow for more efficient healthcare and provide new insights into the treatment through the acquired data.

Whether you are developing a mobile application that guides a patient through their treatment, a wearable that monitors a patient’s vitals or a new patient administration platform, it’s important to realize that the technologies used by your product have a direct impact on the cyber-threats to which your product is exposed. While it’s easy to regard cybersecurity as a hurdle to overcome during the early stages of development and adoption of your product, it should not be neglected. Without it, you’ll face great difficulty in realizing and maintaining future growth.

Cybersecurity as a sales enabler

Cybersecurity is an opportunity. It can be a key differentiator for your product, and add significant value to it in the eyes of the consumers. It is important to realize that customers are increasingly aware that cybersecurity is important, especially when it comes to healthcare applications that directly impact their well-being. They are learning to ask the hard questions: is the product secure? Can it be hacked? Has it been tested? Will I die if it gets compromised? Is my medical data secure?

To answer these questions, trust has to be established. This is not as easy as writing a single blog post that addresses these concerns. While it’s a good start, the answer actually lies in a complex process that involves cultivating trust for an organization and its products. It’s a process that involves a solid story and stamps of approval from different respected third parties. It is also a continuous process, in which the cybersecurity maturity of an organization is constantly tested due to cyber incidents that loom around the corner.

One thing is certain - if this trust is cultivated and maintained over a long period of time, it is definitely something that consumers will appreciate and factor into their purchasing decisions.

Cybersecurity – where to start

Embedding cybersecurity efficiently into the core of your business and products can feel like a daunting task, but know that you don’t have to re-invent the wheel. There are many resources, frameworks and certification schemes out there from which you can start.

So where do you start? On an organizational level, it’s important to tackle cybersecurity one step at a time in a continuous process. As a first step, focus on creating a cybersecurity roadmap that takes into account the current maturity of your company and its products. Start by defining quick wins that you can achieve today, while preparing and opening the road for your future ambitions.

For product security, the Open Web Application Security Project (OWASP) provides many guidelines and security requirements from which you can start. To name a few, the OWASP SAMM (Software Assurance Maturity Model) is an OWASP framework that enables you to self-assess, formulate and implement a strategy for software security that you can integrate into your existing Software Development Lifecycle (SDLC). Additionally, the OWASP Internet of Things Security Verification Standard (ISVS) provides realistic and actionable security requirements for connected products and the ecosystems in which they reside. The latter has become increasingly relevant with the advent of connected physical products.

Additionally, note that the regulatory landscape is also changing. With NIS 2.0 right around the corner, medical products will increasingly be subject to strict regulation. It’s therefore of the utmost importance that you design today’s products with security in mind, as tomorrow they might no longer pass the bar.

Find out more about operationalizing cybersecurity in health-tech in the free session on August 10th from 11:45-12:30.

Guest contribution by Cédric Bassem, manager IoT security at NVISO (https://www.nviso.eu/), very experienced in health-tech security, and co-author of the OWASP ISVS framework. 
