The European Organisation for Research and Treatment of Cancer (EORTC) is Europe’s leading cancer clinical research organization. EORTC conducts leading clinical research to understand why cancers develop and evaluates and compares the most effective treatment options to improve the survival and quality of life of cancer patients in more than 730 university hospitals and cancer centers in 48 countries.
To assess and improve the organization’s security posture.
The Advantio Capability Maturity Assessment (ACMA) provided critical visibility to help the client enhance its security posture.
The EORTC operates in a highly regulated sector where clinical trial data is collected in large quantities. Even though this data is anonymised and complies with the strictest data protection standards, no organisation can be fully immune to cybersecurity threats today. As a rule, organizations face significant fines for failing to fulfil their data protection obligations for all sensitive and personal data protected under the EU-wide GDPR. Given the cutting-edge therapies, treatments, and drugs the EORTC is involved in trialling and developing, and the IP flowing through its IT systems, it can potentially be a prime target for threat actors. These could be financially motivated cyber-criminals or even nation-state operatives looking to gain an advantage.
Other cyber-risks might stem from the large ecosystem of third-party partners the EORTC works with, including clinicians/doctors, hospitals, researchers, and pharmaceutical companies, among others. These collectively could represent a significant supply chain risk.
Advantio offered EORTC its initial ACMA report free of charge (an in-kind contribution).
– Pascal Ruyskart
Head of the EORTC Information Technology department
Developed by Advantio, the ACMA is a framework for assessing security posture which allows organizations to make strategic risk-based decisions about where to target their investments. It focuses on internal policies, external standards, and compliance.
The ACMA’s holistic methodology focuses on IT and cybersecurity business functions, enabling organizations to:
Advantio was engaged to perform its ACMA on the EORTC’s IT department. This was done in two separate stages, between July and August 2019. First, an onsite assessment rated the maturity of the EORTC’s processes and related adoption. Next, a black box penetration test was performed on its external web-facing applications.
Thanks to a comprehensive ACMA, Advantio was able to provide the EORTC with a full maturity assessment report and maturity score. This gave the customer a good sense of potential security gaps. An implementation plan with timelines and costings provided more information on how the EORTC could go about putting these changes into practice.
In the end, the EORTC was able to gain invaluable awareness of the potential level of cyber risk facing the organization. With this visibility and a concrete action plan, it was able to take practical steps to further improve its cybersecurity operations and build more rigorous defences against commodity attacks. The organization is now more resilient from a security posture perspective than it was pre-ACMA.