Penetration testing offers two important benefits: security and regulatory compliance. High-profile breaches such as the Equifax incident have affected millions of Americans, who now insist that the companies holding their data keep it secure. Government regulators are reinforcing that demand by penalizing companies that do not comply with federal guidelines.
Last month, the FDA issued a warning about software vulnerabilities on multiple medical devices, including infusion pumps, anesthesia machines, and imaging systems. These vulnerabilities allow threat actors to trigger information leaks, gain access to hospital networks and, most worryingly, remotely control the devices themselves.
Historically, small businesses thought about security in terms of physical property. To protect the items inside the store or office, business owners purchased locks, installed alarm systems, and sometimes hired security guards. Today, property crimes are continuing their 25-year decline, meaning the chances of a break-in at your business are about half what they were in 1993. Cybercrime, however, is the new playground for criminals.
When people talk about medical device security, the conversation often turns to data security and HIPAA. There’s plenty to be said about protecting patient privacy, but patient safety is a greater concern.
More than 65 percent of senior decision-makers at small businesses still believe that they’re unlikely to be targeted by cybercriminals. About 60 percent of those businesses have no defense plan in place and an estimated 14 percent are insufficiently prepared to respond if an attack does occur.
The shortage of qualified cybersecurity professionals at major businesses is exacerbating data breaches, and has been called an “existential threat to our national security.” What there is no consensus on is how that problem should be solved. Is there really a shortage of qualified people to fill the cybersecurity skills gap? The short answer is no.
This blog post is a transcript of Alpine Security’s Risk Management Framework (RMF) Overview video, which covers an overview of RMF, as defined by NIST 800-37r2. Each step in the process is discussed at a high level:
If you are set on a career in cybersecurity, spending four years on a bachelor’s degree is more than likely a waste of your time and money. You can learn everything for free on the Internet. And are “core” courses really going to help you? Political science, art appreciation, history?
Common sense is not always common practice, especially with cybersecurity. Most of the breaches we see today are not because some super cool artificial intelligence firewall failed.
- At Risk: Medical Device Cybersecurity Vulnerabilities Expose Patients to Life-threatening Consequences
- 5 Reasons to Hire a Fractional CISO
- Why Private Cybersecurity Training Matters for Your Organization
- Is the CEH Certification Right For You?
- Internal Penetration Test vs Vulnerability Assessment: Which is Right for You?
- Best Beginner Cybersecurity Certification to Get
- Over-complicating Risk in Cybersecurity
- Hacking Medical Devices for Profit, Terror, Assassination, and Enemy Advancement
- Certified Cybersecurity “Professionals” – Reboot Required
- Penetration Testing for Compliance: The Top 5 Laws and Regulations that Require Testing
- Securing Medical Devices – Is it Possible?
- The State of Small Business Cybersecurity in 2020
- Medical Device Security: Patient Safety Takes Precedence Over Privacy
- Hidden Costs of the Small Business Data Breach
- The Myth of the Cybersecurity Skills Gap