Last updated at Thu, 10 Aug 2023 22:15:34 GMT

In a post-pandemic landscape, the interconnectedness of cybersecurity is front and center. Few could say that they were not at least aware of, if not directly affected by, the downstream effects of major breaches that cause impacts felt across economies. One should look at disruptions in the global supply chain as a case in point.

So the concept of security that goes from the cradle to the grave is more than just an industry buzz phrase; it is a critical component of securing networks, applications, and devices.

 

Sadly, in many cases, cradle to grave security was either not considered at conception, or completely ignored. As a new report released today by Rapid7 principal researcher Heiland points out, even when organizations are able to take steps to mitigate concerns at the grave portion of the life cycle, they do not.

In Security Implications from Improper De-acquisition of Medical Infusion Pumps, Heiland performs a physical and technical teardown of more than a dozen medical infusion pumps — devices used to deliver and control fluids directly into a patient’s body. Each of these devices was available for purchase on the secondary market, and each one had issues that could compromise their previous organization’s networks.

The reason these devices pose such a risk is a lack of (or lax) process for de-acquisitioning them before they are sold on sites like eBay. In at least eight of the 13 devices used in the study, WiFi PSK access credentials were discovered, offering attackers potential access to health organization networks.

In the report, Heiland calls for systemic changes to policies and procedures for both the acquisition and de-acquisition of these devices. The policies must define ownership and governance of these devices from the moment they enter the building to the moment they are sold on the secondary market. The processes should detail how data should be purged from these devices (and by extension, many others). In the cases of medical devices that are leased, contractual agreements on the purging process and expectations should be made before acquisition.

The ultimate finding is that properly disposing of sensitive information on these devices should be a priority. Purging them of data should not be (and in many cases is not) terribly difficult. The issue lies with process and responsibility for the protection of information stored in those devices. And that is a major component of the cradle to grave security concept.