Stolen data, intrusion, industrial espionage, piracy, leaks, phishing, malware, and more: the threats undermining information safety and security are numerous. They also pose a serious threat to a company’s partners, clients, and end consumers. A real scourge, cybercrime can therefore strongly impact a business’s performance and represents a major economic challenge.
Hackers have realized that and no longer hesitate to attack businesses of all sizes to steal their data, blackmail them, and worse. Recent cybersecurity scandals at large companies remind everyone that a breach can happen to anyone, even with a robust cybersecurity system.
In this respect, cybercrime may undermine the competitiveness of professionals, whose performance and reputation can deteriorate because they have not protected their digital assets.
Far from being just science fiction, the market reality is that companies must take effective measures to fight cybercrime. For medical device manufacturers specifically, this means that securing their wireless, internet-enabled medical devices is of critical importance.
To date, all companies are concerned and should take effective measures to protect themselves against ultra-sophisticated attacks.
Let’s take some figures to illustrate this: theft of data rose from 62 in 2013, and 552 million identities were exposed, according to the Internet Security Threat Report (ISTR), 2014.
To enhance the protective measures and the information management systems in place, companies need effective information security tools and methodologies that are recognized by experts and meet international standards. In addition, in February 2013, President Obama signed Executive Order 13636, “Improving Critical Infrastructure Cybersecurity,” directing NIST to identify existing cybersecurity standards and build a cybersecurity framework together with industry.
This Executive Order was intended for the Federal Government’s cybersecurity initiatives, but it could be helpful for industry as well. NIST’s resulting report is the one cited in the FDA’s guidance document, Content of Premarket Submissions for Management of Cybersecurity in Medical Devices. NIST used ISO 27001 as an informative reference to build most of its Framework Core (http://www.nist.gov/cyberframework/).
ISO/IEC 27001 is an international standard for information security management. It describes the requirements for implementing an Information Security Management System (ISMS). Its purpose is to select security measures that ensure, within a defined scope, the protection of a business’s sensitive assets. ISO 27001 is process-oriented and provides for continuous improvement.
It is intended for all types of organizations, such as commercial enterprises, NGOs, governments, and financial institutions.
Given this definition, it is understandable that protection from increasingly complex threats requires a clear master plan, a methodology, tools, and compliance with a standard for implementing appropriate governance. The objective is to establish a process of continuous improvement of security by promoting the principles of the ISO standard.
Position the Standard as the Central Data
Taking the ISO/IEC 27001 standard into account is therefore a key success factor in the fight against cyber threats. Deploying security tools without asking whether they comply with good practice, and where improvement is needed, is not a sustainable approach. Companies must not act hastily, but should instead launch a genuine corporate project devoted to IT security in order to control IT risk management (planning, implementation, audit, and improvement). Such an approach will create genuinely trusted digital spaces.