Continuous monitoring of security throughout the medical device product lifecycle also poses problems.

Credit: Leo Wolfert / Getty Images

The top cybersecurity challenge faced by medical device makers is managing a growing set of tools and technologies, according to the results of a global survey released Wednesday by software risk assessment company Cybellum.

The survey, conducted by Global Surveyz, an independent survey company, polled 150 senior decision makers from North America, Europe and Asia. It shows that while device security is in its infancy, it is managed by many fragmented tools. “Siloed and fragmented processes and tools are much less efficient and effective and limit the ability to assess the business impact of device security on the organization as a whole,” the report says.

It also finds that continuously managing product security is a huge challenge to device makers. Nearly half the survey respondents (43%) identify continuous management as the second greatest challenge facing security teams. In response to that challenge, 37% of the participants say they’re making “shift left” a priority in their development lifecycles.

Medical devices can be hacked like computers

“If you shift left in the development process, the earlier you can detect vulnerabilities, the less it will cost you as a company,” Cybellum CMO David Leichner explains in an interview. “Monitoring has to be continuous. You can’t just check the device in the design phase. You have to check it as your developers integrate its components and software, to make sure no threats are introduced, and you have to be able to check it when it’s in the market.”

Trying to manage complex security challenges can be difficult if you don’t have a cybersecurity mindset, Leichner adds. “These devices are computers. They can be hacked like computers.
Until that becomes the mindset as these device makers, you won’t have real security in the medical device industry.”

Bare compliance minimum not enough for device security

The researchers also note that respondents seem to be ambivalent about cybersecurity. Eighty-three percent of the survey respondents (83%) say device security can give them a competitive edge in the market. Yet, 80% find it a necessary evil imposed by regulators.

“Part of the reason for those opposing views has to do with the fact that, while there has been a lot of recalls for vulnerabilities, we haven’t seen a hack of medical devices that has caused major, major damage,” Leichner says. “It’s expected that will happen.”

In addition, more than three quarters of the participants (78%) say they do the minimum to achieve compliance. That may help explain why, on average, only half of companies are meeting their compliance obligations, the report notes.

Compliance standards usually regulate the minimal efforts needed for security, Leichner says, so if companies are doing the bare minimum perhaps they are not taking device security seriously enough, and instead are hyper-focused on getting products to market quickly.