For audio summary click below
The landscape of cybersecurity is crowded with buzzwords – sometimes to the point of confusion. While simply avoiding them is one way to go about it, understanding them will go a long way if you want to protect your healthcare organization and medical devices from potential cyberattacks.
So, what is really the ‘buzz’ in cybersecurity? In this article, the most used terms have been broken down, so the next time you encounter them, you can avoid confusion!
What are buzzwords in cybersecurity and why do they exist?
In cybersecurity, which is already a technical realm, buzzwords act as jargon that informs us about probing facts that are relevant in the current period. As a fun test of your knowledge, read the following section to see how many buzzwords you are familiar with:
With the rise of IoMT, HDOs and MDMs need cyber resilience. Threat actors target vulnerabilities with attack modes such as ransomware, malware and in some cases, botnets – which execute a DDoS attack. By incorporating cybersecurity encryption protocols and monitoring the potential for software vulnerabilities with an SBOM, you can better protect the HIE.
If you understood most of them, you may very well be an expert. If not, don’t fret – you are not alone in wishing there was less complexity in such terms. Keep reading to get one step closer to untangling them once and for all!
What cybersecurity buzzwords should I know?
The list below contains pairs of words that are often used interchangeably.
1. Vulnerabilities and threats
These two buzzwords have quite separate meanings. A vulnerability refers to a weakness in your software, where a threat has the potential to cause an adverse impact. For example, the Internet Explorer vulnerability that was found in September 2019, could lead a hacker (a potential threat actor) to execute arbitrary codes on devices.
2. Encryption and PKI
Both terms differ in the description as well as purpose. Encryption is the method carried out in order to convert information into cipher text, or in simple words, changing the contents of the communications to something unreadable. On the other hand, a Public Key Infrastructure (PKI) is a set of cybersecurity tools that enable the safe transfer of information over a network. It ensures all parties have the keys they need for encryption and decryption.
3. MDR and MDR
There are two ‘MDR’ acronyms which can confuse us: Managed Detection and Response (MDR) and Medical Device Regulation (MDR). They in fact, serve different cybersecurity functions. Managed Detection Response provides an organization with the necessary tools they need to fight cybercrimes, including Endpoint Detection Response. While Medical Device Regulation refers to a legal framework for medical devices which go into the market.
4. Ransomware and malware
These software terms are used frequently in cybersecurity. Even though they have a similar ring, ransomware is a malicious program that blocks users from accessing their devices until a ransom is paid. Meanwhile, malware is short for ‘malicious software’ and is any software designed with ill intent, including viruses, worms, trojan horses etc. Ransomware is also a form of malware.
5. Zero Trust, Zero-day exploit and Zero-day attack
The ‘zero’ terms are often confused to be the same thing by default. Zero Trust is a security concept that requires all users to continuously be validated and authenticated. Zero-day exploit is the technique which a malicious actor uses in order to get the advantage of the ‘Zero-day’ vulnerability (a security flaw). While a Zero-day attack happens when they release the malware to exploit the software vulnerability before the developers can identify and patch it.
6. SBOM and CBOM
Software Bill of Materials (SBOM) is a term that is associated with a Cybersecurity Bill of Materials (CBOM), but they have subtle differences worth noting. SBOM refers to a formal record containing the complete list of all materials – components and dependencies that are needed for building software. CBOM, on the other hand, is similar but includes both software and hardware components, brought under one term.
7. Botnets and DDoS
These two may also be used together to refer to a Distributed Denial of Service (DDoS) Botnet. The key element that separates these entities is straightforward. You need botnets, which are a collection of compromised devices, to carry out a DDoS attack, a method used by a threat actor to render an organization’s online services unavailable. In 2016 and 2017 for example, the Mirai botnet caused a DDoS attack and affected 65,000 devices.
8. IoT and IoMT
The Internet of Things (IoT) and the Internet of Medical Things (IoMT) have been widely iterated in cybersecurity recently. IoT refers to a network of connected devices that makes communication between them and the cloud possible. This includes all ‘everyday’ internet connected devices, whereas IoMT only refers to the connectivity of devices that are used in healthcare and medical applications. These include wearables and implanted medical devices, as well as MRI machines, infusion pumps, etc.
9. Cyber resilience and Cyber Incidence Response Plan
Cyber resilience is a buzzword that sometimes replaces the Cyber Incidence Response Plan (CIRP). Cyber resilience deals with protecting an organization against potential impacts; from improving security, all the way through to recovering from attacks. CIRP on the other hand is a plan detailing how to effectively respond to a cyber incident – including specific steps to take to return to full functionality if an incident is recorded.
10. Health Informatics and Health Information Exchange
In MedTech, these two terms have close associations. The way it differs is that Health Informatics (HI) is a field that uses healthcare information technology to expedite healthcare services, which includes analyzing patient data and usage of tools such as medical terminologies, clinical guidelines etc. Health Information Exchange (HIE) refers to the movement of information between healthcare organizations. This enables professionals like doctors or nurses to access and securely share patients’ vital information.
Whether it is preparing for cyber-attacks or combatting them, we hope the above list of buzzwords helps set the frustration aside and enables you to dissect cybersecurity topics with confidence.
Buzzwords in Cybersecurity don’t need to be difficult
It doesn’t end here – cybersecurity buzzwords have an ever-evolving nature as the industry grows and newer issues surface. No worries though, you have just expanded your vocabulary with a generous dose of buzzwords. With the advent of IoT, IoMT and vulnerabilities surrounding your devices (did you catch their meanings?), you will be better equipped to secure them and care for the patients.
If you are curious to know further about the tongue twisters that cybersecurity comes with, we have previously written about the most used IoMT acronyms which you can read here.
Need help answering a cybersecurity question from experts?
Feel free to start a conversation with us and our experts will guide you with cybersecurity strategies to best suit your connected medical device needs.
