PQE Group staff comprises experienced and skilled experts in multidisciplinary teams, available to support your company achieving the highest levels of safety for your systems. Visit our Digital Governance services page to know more or to contact us, and find the most suitable solution for your company.
Connect with us
CrowdStrike, the Endpoint Protection Platform manufacturer, promptly identified the cause of the problem, provided details on the incident and distributed a fix along with workarounds to restore the functionality of impacted systems as quickly as possible.
This incident highlights a few critical points:
- The interconnected nature of risk: Even a seemingly minor software update from a cybersecurity vendor can have cascading effects on critical infrastructure worldwide.
- The importance of preparedness: Robust Incident Response plans are non-negotiable. Quickly restoring operations is critical to minimizing downtime and financial impact.
-
Supply Chain Security is crucial: Organizations must scrutinize their vendors' software development and security practices. A lack of quality practice can introduce software vulnerabilities, thus exposing them to significant risk. This underscores the need for robust testing protocols, including the use of 'sandbox' environments, where software updates and patches can be thoroughly evaluated in isolation before being rolled out to a wider user base.
The Life Sciences Sector: A Unique Vulnerability
With its mission-critical research, manufacturing, and patient care, the life sciences sector faces unique challenges regarding IT resilience. Downtime isn't just an inconvenience; it can directly impact life-saving treatments and groundbreaking discoveries. Maintaining data integrity and system availability is non-negotiable in a sector where regulatory compliance is paramount.
This event underscores the importance of having up-to-date, effective, and tested Incident Response plans. Preparedness is preventing attacks and being ready to respond efficiently to incidents.
How to defend against the unexpected
-
Elevate Supply Chain Security through "trusted" partnerships: Conduct rigorous due diligence and audits on vendors, ensuring they adhere to strict quality and security standards and have transparent incident response processes.
-
Software Quality for regulated environments: Regulatory bodies are increasingly recognizing the importance of 'sandbox' environments in cybersecurity as they do for AI based software. These controlled environments allow for rigorous testing of software updates and patches, ensuring their safety and efficacy before they are deployed to critical systems. Organizations should prioritize vendors who adhere to these regulatory requirements and demonstrate a commitment to thorough testing.
-
Invest in Incident Response: Invest in a dedicated incident response team with expertise in cybersecurity and life sciences-specific regulations.
-
Operational resilience: Develop and regularly test comprehensive business continuity plans that address cyberattacks and potential disruptions from third-party vendors.
-
Leverage NIS2: The new EU NIS2 directive offers a framework for enhanced cybersecurity across critical sectors, including healthcare. Organizations are mandated to align their security practices with NIS2 requirements to bolster their resilience.
NIS2: A new era for cybersecurity
As the regulatory landscape evolves, the new NIS2 directive offers a robust framework for enhancing cybersecurity across critical sectors, including healthcare. By aligning their practices with NIS2 requirements, life sciences organizations can fortify their defenses and build greater resilience in their operations.
The CrowdStrike incident is a stark reminder that no organization is immune to disruption.
By adopting a proactive and layered approach to cybersecurity and embracing the principles of NIS2, life sciences organizations can better protect their operations, data, and, ultimately, the patients they serve.
