Continuous monitoring of security throughout the medical device product lifecycle also poses problems.

Credit: Leo Wolfert / Getty Images

The top cybersecurity challenge faced by medical device makers is managing a growing set of tools and technologies, according to the results of a global survey released Wednesday by software risk assessment company Cybellum.

The survey, conducted by Global Surveyz, an independent survey company, polled 150 senior decision makers from North America, Europe and Asia. It shows that while device security is in its infancy, it is managed by many fragmented tools. “Siloed and fragmented processes and tools are much less efficient and effective and limit the ability to assess the business impact of device security on the organization as a whole,” the report says.

It also finds that continuously managing product security is a huge challenge to device makers. Nearly half the survey respondents (43%) identify continuous management as the second greatest challenge facing security teams. In response to that challenge, 37% of the participants say they’re making “shift left” a priority in their development lifecycles.

Medical devices can be hacked like computers

“If you shift left in the development process, the earlier you can detect vulnerabilities, the less it will cost you as a company,” Cybellum CMO David Leichner explains in an interview. “Monitoring has to be continuous. You can’t just check the device in the design phase. You have to check it as your developers integrate its components and software, to make sure no threats are introduced, and you have to be able to check it when it’s in the market.”

Trying to manage complex security challenges can be difficult if you don’t have a cybersecurity mindset, Leichner adds. “These devices are computers. They can be hacked like computers. Until that becomes the mindset of these device makers, you won’t have real security in the medical device industry.”

Bare compliance minimum not enough for device security

The researchers also note that respondents seem to be ambivalent about cybersecurity. Eighty-three percent of the survey respondents say device security can give them a competitive edge in the market. Yet, 80% find it a necessary evil imposed by regulators.

“Part of the reason for those opposing views has to do with the fact that, while there have been a lot of recalls for vulnerabilities, we haven’t seen a hack of medical devices that has caused major, major damage,” Leichner says. “It’s expected that will happen.”

In addition, more than three quarters of the participants (78%) say they do the minimum to achieve compliance. That may help explain why, on average, only half of companies are meeting their compliance obligations, the report notes.

Compliance standards usually regulate the minimal efforts needed for security, Leichner says, so if companies are doing the bare minimum perhaps they are not taking device security seriously enough, and instead are hyper-focused on getting products to market quickly.