The Cybersecurity Compass
What Cybersecurity Can Learn from Glucose Management in Diabetes

One of the significant concepts introduced by the NIST Cybersecurity Framework (CSF) in version 2.0 is the idea that “cybersecurity risks are expanding constantly, and managing those risks must be a continuous process.” Additionally, NIST emphasizes that “the organization’s cybersecurity risk management strategy, expectations, and policy are established, communicated, and monitored.” Since this was published, I have been pondering the true meaning of “constantly,” “continuous,” and “monitored” within the context of cybersecurity. I found a compelling analogy in the concept of continuous glucose monitoring (CGM) used in managing diabetes.
I was recently introduced to CGM and its profound impact on managing diabetes. CGM systems provide real-time readings of glucose levels, alerting patients to high and low levels before they become critical. This proactive capability allows patients to make preemptive adjustments to their diet, exercise, or medication to prevent dangerous glucose spikes or drops. As I explored CGM further, I realized its striking similarities to the Continuous Cyber Risk Scoring System (CCRSS) used in cybersecurity. Both systems rely on constant vigilance, data analysis, and proactive management to prevent significant issues.
In this article, we will explore how the principles and practices of continuous glucose monitoring can be mapped to cyber risk management. We will examine key areas such as regular monitoring, data analysis, immediate action, historical tracking, customization, contextual understanding, improved decision-making, proactive management, and predictive capabilities. By drawing parallels between CGM and CCRSS, we aim to highlight how organizations can enhance their cybersecurity posture through continuous, proactive, and informed strategies.
The primary purpose of risk management is to improve the quality of decisions made by leaders within an organization. In the context of cyber risks, this means providing decision-makers with clear, accurate, and timely information about potential cyber threats and their impact on the organization. The ultimate goal is to enable informed decisions that balance risk with opportunity, ensuring the organization’s resilience and strategic progress. That is where we will start.
Improving Decision-Making: Being Proactive and Better Informed
CGM has revolutionized the way diabetic patients manage their health by providing continuous, real-time data. This technology empowers patients to make proactive decisions, significantly improving their quality of life and health outcomes. Similarly, CCRSS can transform cyber risk management by enabling organizations to be more proactive and better informed in their decision-making processes.
Continuous Glucose Monitoring (CGM): CGM systems allow patients to understand the immediate impact of their dietary choices, physical activity, and medication on their glucose levels. This immediate feedback helps them make informed decisions that can prevent dangerous spikes or drops in blood sugar. Patients can adjust their behavior in real-time, leading to better overall management of their condition and improved health outcomes.
CCRSS: In the same vein, CCRSS provides organizations with real-time data on their cybersecurity posture. By continuously assessing and analyzing risk factors, organizations can make informed decisions to mitigate potential threats before they escalate. This proactive approach enables security teams to implement timely interventions, adjust security protocols, and allocate resources effectively, ultimately leading to a stronger and more resilient cybersecurity posture.
Data Analysis: Turning Information into Action
The information gathered from regular monitoring must be analyzed to understand the current status and potential risks, whether it’s for a patient’s health or an organization’s security.
Continuous Glucose Monitoring (CGM): The readings from the sensor are analyzed to determine whether a patient’s blood sugar levels are stable or whether insulin, diet, or lifestyle needs adjusting. This analysis is crucial for preventing complications.
CCRSS: In the cyber realm, CCRSS analyzes the collected data to estimate how likely a threat is to materialize and what its impact on the organization would be. By combining factors such as the configuration of security controls, asset criticality, and recent threat activity into a score, CCRSS provides a clear picture of the current risk landscape.
Immediate Action: Responding to Threats and Crises
When critical levels are detected, whether in glucose readings or cyber risk scores, immediate action is necessary to mitigate potential harm.
Continuous Glucose Monitoring (CGM): If a patient’s glucose levels are dangerously high or low, they must take immediate corrective actions, such as administering insulin or consuming fast-acting carbohydrates.
CCRSS: Upon detecting high-risk scores, CCRSS can trigger automated responses or recommend immediate actions. These may include disabling compromised accounts, adjusting security settings, or alerting security teams to potential breaches. This proactive approach helps prevent incidents from escalating into full-blown crises.
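To make the two previous points concrete, here is a toy scoring model with CGM-style alert bands. It is an added example written for this page, not the article’s CCRSS or any vendor’s implementation. It assumes one score per asset on a 0–100 scale, built from asset criticality (1–5), the share of required controls that are correctly configured, and a count of recent threat events against the asset; the asset names, weights and thresholds are all illustrative choices. It also applies one piece of context from the "Contextual Understanding" section: during a planned maintenance window a high score is still recorded, but the automated containment step is downgraded to a human review.

```python
"""Added example: a toy continuous risk score with CGM-style alert bands.

Illustrative code written for this page, not the article's CCRSS. All asset
names, weights and thresholds are assumptions chosen for the demonstration.
"""
from dataclasses import dataclass
import math


@dataclass(frozen=True)
class AssetReading:
    asset: str
    criticality: int             # 1 (low) .. 5 (crown jewel); drives impact
    control_coverage: float      # 0.0 .. 1.0 share of required controls correctly configured
    recent_threat_events: int    # e.g. alerts / IoC hits for this asset in the last 24h
    in_maintenance: bool = False # context: a planned change window is open


# Alert bands, in the spirit of a CGM's "in range / elevated / high" thresholds.
IN_RANGE_MAX = 24   # 0-24: in range, no action
ELEVATED_MAX = 59   # 25-59: elevated, open a ticket; 60-100: high, page the on-call


def threat_pressure(events: int) -> float:
    """Saturating map from event count to [0, 1): 0 -> 0.0, 3 -> ~0.63, 9 -> ~0.95."""
    return 1.0 - math.exp(-events / 3.0)


def likelihood_level(reading: AssetReading) -> int:
    """Likelihood on a 1..5 scale from the control gap and recent threat activity."""
    exposure = 1.0 - reading.control_coverage
    mix = 0.5 * exposure + 0.5 * threat_pressure(reading.recent_threat_events)
    return max(1, min(5, round(1 + 4 * mix)))


def risk_score(reading: AssetReading) -> int:
    """0..100 = impact (1..5) x likelihood (1..5) x 4, i.e. a 5x5 risk matrix rescaled."""
    return reading.criticality * likelihood_level(reading) * 4


def band(score: int) -> str:
    if score <= IN_RANGE_MAX:
        return "in_range"
    if score <= ELEVATED_MAX:
        return "elevated"
    return "high"


def recommend(reading: AssetReading) -> dict:
    """Map a score to an action, the way a CGM alert tells the patient what to do.

    A high score during a maintenance window is not suppressed; only the
    automated containment is replaced by a human review so that an automatic
    response does not break a change that is in progress.
    """
    score = risk_score(reading)
    b = band(score)
    if b == "in_range":
        action = "none"
    elif b == "elevated":
        action = "open_ticket"
    elif reading.in_maintenance:
        action = "page_oncall_review_only"
    else:
        action = "page_oncall_and_contain"
    return {"asset": reading.asset, "score": score, "band": b, "action": action}


# Constructed sample readings for the demonstration (not real telemetry).
SAMPLE_READINGS = [
    AssetReading("db-prod-01", criticality=5, control_coverage=0.6, recent_threat_events=6),
    AssetReading("db-prod-02", criticality=5, control_coverage=1.0, recent_threat_events=0),
    AssetReading("vpn-gw-01", criticality=3, control_coverage=0.9, recent_threat_events=9),
    AssetReading("kiosk-07", criticality=1, control_coverage=0.5, recent_threat_events=2),
    AssetReading("web-01", criticality=5, control_coverage=0.6, recent_threat_events=6,
                 in_maintenance=True),
]


def score_all(readings=SAMPLE_READINGS) -> list[dict]:
    """Score every reading; in a real system this runs on every new reading, not once."""
    return [recommend(r) for r in readings]


if __name__ == "__main__":
    for row in score_all():
        print(row)
```

The point of the multiplicative shape is that a fully covered, quiet crown-jewel asset still carries a floor of residual risk (it scores 20 here), while a low-criticality kiosk with gaps and some activity stays in range because the impact term is small; the same gap and activity on the production database is what produces the page.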
Historical Tracking and Trends: Learning from the Past
Understanding trends over time is crucial for both managing diabetes and improving cybersecurity.
Continuous Glucose Monitoring (CGM): By tracking glucose levels over time, patients and their healthcare providers can identify patterns and make informed adjustments to treatment plans.
CCRSS: CCRSS continuously tracks risk scores to identify trends in an organization’s security posture. This historical data helps security teams understand the effectiveness of their measures, make strategic decisions, and improve their overall risk management practices.
Customization and Personalization: Tailored Approaches
Both diabetes management and cyber risk management require personalized approaches to be effective.
Continuous Glucose Monitoring (CGM): Each patient’s treatment plan is tailored to their specific health needs, lifestyle, and medical history.
CCRSS: The CCRSS is customized to the unique needs of each organization. It considers the specific risk landscape, asset criticality, and business impact, allowing for a tailored risk management strategy that aligns with the organization’s goals and resources.
Contextual Understanding: The Key to Accurate Scoring
Accurate interpretation of both glucose levels and cyber risk scores depends on understanding the context in which these readings are taken.
Continuous Glucose Monitoring (CGM): A glucose level reading needs to be understood in the context of recent activities, such as meals, physical exercise, or medication. Without this context, the numbers alone can be misleading. For instance, a high glucose reading post-meal might be normal, whereas the same reading in a fasting state might indicate a problem.
CCRSS: Similarly, cyber risk scores must be interpreted within the context of the organization’s operational environment. Factors such as recent system updates, changes in the threat landscape, business activities, and the security measures in place all provide the context needed to understand what a given risk score signifies. For instance, a high-risk score during a major system upgrade might be less alarming than the same score in a stable environment, as the former might be a temporary fluctuation. Context should change how a score is acted on, not whether it is recorded: the reading stays in the history, and a change window is also a time when an attacker’s noise is easiest to mistake for the upgrade’s.
Preventing Bigger Consequences: Proactive Management
Correct management of both glucose levels and cyber risk scores can prevent more significant consequences, ensuring long-term health and security.
Continuous Glucose Monitoring (CGM): By maintaining regular glucose monitoring and taking timely corrective actions, patients can prevent severe complications such as heart disease, nerve damage, and other diabetes-related health issues. Proactive management helps patients maintain a stable and healthy life.
CCRSS: Similarly, by continuously monitoring and managing cyber risk scores, organizations can prevent major security breaches that could lead to data loss, financial damage, and reputational harm. Proactive cyber risk management helps organizations stay ahead of threats, ensuring business continuity and resilience.
Proactive and Predictive Capabilities: Staying Ahead of Threats
Both CGM and CCRSS have the potential to be not just reactive but also proactive and predictive, helping to prevent issues before they arise.
Continuous Glucose Monitoring (CGM): CGM systems provide real-time readings of glucose levels throughout the day and night, offering alerts for high and low levels before they become critical. This proactive capability allows patients to make preemptive adjustments to their diet, exercise, or medication to prevent dangerous glucose spikes or drops. By projecting where glucose is heading from the current reading and its rate of change, CGM helps patients act before a threshold is crossed rather than after.
CCRSS: Similarly, CCRSS leverages advanced analytics and threat intelligence to predict potential vulnerabilities and threats before they can be exploited. By analyzing patterns and trends, CCRSS can forecast areas of potential risk, allowing organizations to strengthen their defenses proactively. This predictive capability helps in identifying not just current but also future risks, enabling preemptive actions to safeguard the organization’s cyber environment. For example, if a pattern of increased phishing attempts is detected, CCRSS can alert the organization to bolster email security measures before a breach occurs.
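The historical-tracking and predictive ideas above can be shown with a small trend routine, added here as an example and not taken from the article or any product. A CGM does not only alarm on the current reading; it looks at the rate of change and warns that a threshold will be crossed. The code applies the same idea to a constructed daily count of reported phishing attempts, but the series could equally be a stored history of the risk scores themselves. The window sizes, the baseline multiplier and the data are assumptions.

```python
"""Added example: CGM-style trend arrows and predictive alerts on a risk signal.

Illustrative code for this page, not the article's CCRSS. The data and the
window, horizon and multiplier values are assumptions for the demonstration.
"""
from statistics import median


def slope(values):
    """Least-squares slope per step over the given values (0.0 for fewer than 2 points)."""
    n = len(values)
    if n < 2:
        return 0.0
    x_mean = (n - 1) / 2
    y_mean = sum(values) / n
    num = sum((x - x_mean) * (y - y_mean) for x, y in enumerate(values))
    den = sum((x - x_mean) ** 2 for x in range(n))
    return num / den


def trend_arrow(values, window=5, flat_tolerance=0.5):
    """Direction of the recent trend, like the arrow next to a CGM reading."""
    s = slope(values[-window:])
    if s > flat_tolerance:
        return "rising"
    if s < -flat_tolerance:
        return "falling"
    return "flat"


def learned_threshold(values, baseline_days=7, multiplier=3):
    """Alert threshold derived from the organization's own 'normal' (a median baseline),
    rather than a fixed number copied from elsewhere."""
    return multiplier * median(values[:baseline_days])


def predictive_alert(values, threshold, window=5, horizon=3):
    """Alert when the series is above threshold, or is projected to cross it
    within `horizon` steps if the recent slope continues. Returns None otherwise."""
    current = values[-1]
    arrow = trend_arrow(values, window)
    if current >= threshold:
        return {"state": "high", "current": current, "days_to_cross": 0.0, "trend": arrow}
    s = slope(values[-window:])
    if s <= 0:
        return None
    days = (threshold - current) / s
    if days <= horizon:
        return {"state": "predicted_high", "current": current,
                "days_to_cross": days, "trend": arrow}
    return None


# Constructed data: reported phishing emails per day over 12 days (not real figures).
PHISHING_PER_DAY = [4, 5, 3, 6, 4, 5, 4, 5, 6, 7, 8, 9]


if __name__ == "__main__":
    threshold = learned_threshold(PHISHING_PER_DAY)
    print("threshold:", threshold, "trend:", trend_arrow(PHISHING_PER_DAY))
    print(predictive_alert(PHISHING_PER_DAY, threshold))
```

On the sample data the current count (9) is still below the learned threshold (12), so a threshold-only alert would stay silent; the slope of the last five days projects a crossing in three days, which is the moment to tighten email controls rather than after the crossing.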
Improving Our Health and Reducing Cyber Risk in the Digital Environment
The Continuous Cyber Risk Scoring System (CCRSS) is a powerful tool for managing cyber risks in a proactive and dynamic manner. By drawing an analogy to the continuous glucose monitoring (CGM) system used in diabetes management, we can appreciate the importance of continuous monitoring, data analysis, immediate action, historical tracking, customization, contextual understanding, and proactive and predictive capabilities in both fields. Just as continuous glucose monitoring helps diabetic patients maintain their health, CCRSS helps organizations maintain a robust and resilient cybersecurity posture, capable of withstanding the ever-evolving threats of the digital world. Neglecting monitoring and analysis in either context can lead to severe and potentially catastrophic consequences; properly managed, both CGM and CCRSS significantly reduce the risk of larger problems and support long-term stability and security.