"New Connected Device Security Maturity Model Helps Orgs Strengthen Cybersecurity"
Ordr, a connected device security firm, has released a maturity model to aimed at helping healthcare organizations evaluate and improve their connected devices' security. The guide is divided into five maturity stages, each with recommended actions and detailed descriptions. Medical devices and other connected devices continue to pose a security risk to healthcare organizations. Although legislators have expressed interest in the issue, experts have stated that healthcare organizations must continue to prioritize device security internally while waiting for legislation to be passed. The idea of a maturity model is not unique to connected device security. According to the document, the National Institute of Standards and Technology (NIST) and others have developed models to help organizations progress from the most basic security levels to the most advanced levels in a logical sequence. Purchasing the most sophisticated tools is only useful if the other components required for an organization to successfully leverage its capabilities are in place. Therefore, it is important in all of these models, to begin with people and processes. Asset visibility is the first step in the new maturity model. It is impossible to secure all connected devices on a network if organizations do not know what they are. This step includes suggestions for automating new device discovery and identifying initial device risk. The maturity model suggests that organizations focus on vulnerability and risk management. Organizations are encouraged to gain a comprehensive view of risk at this stage by identifying known vulnerabilities, using external sources such as threat feeds, and identifying risky traffic patterns. Reactive and proactive security are the third and fourth steps. The maturity model recommends that organizations use the insights from previous stages to help teams understand device risk and establish priorities during the reactive security stage. In order to reduce the attack surface, the model recommends that teams automate workflows and policies and implement zero-trust segmentation during the proactive security stage. This article continues to discuss the maturity model published by Ordr to help healthcare organizations evaluate and improve the security of their connected devices.