I feel this is such a common issue in the food as well as pharmaceutical industry. The examples that I would like to offer would be 2 prominent players in each of the industries – Tyson foods and Pfizer.
Tyson foods is the world’s second-largest marketer and processor of beef, pork, and chicken — this is no small thing. Pfizer’s Covid vaccine was administered to hundreds of millions of people. If any of these were hacked, it would be a HUGE public safety hazard.
In terms of what should not have access to the internet and be safely guarded:
Tyson – Recipes of their flagship products (ideally all products), logins of their sensors that make sure all products are of optimal quality, master controls of processing plants. If these was compromised, not only would their business be at risk, but all the people who consume Tyson products could be at risk as well.
Pfizer – Formula for the vaccine, details of the people who know the formula of the vaccine, controls of vaccine production centers as well as login of controls that ensure optimal quality. If any of these were compromised, someone could get access to the formula for the vaccine or be able to ruin its quality and if they want to create mass destruction, they would be able to do it.
If Sara remained quiet or had been ignored by the CEO, they would not have hired the consultant and realized that their systems were extremely vulnerable. They instead would have most likely taken the route of further strengthening their online systems and would have not thought of taking certain things offline. Her unique perspective allowed the team to think outside of their preconceived assumptions and exposed them to information that they were not aware of.It definitely is tricky to speak up and challenge ideas in a male-dominated meeting with a CEO. The power dynamic alone is enough to scare one, let alone the gender imbalance. But if she stayed quiet, things wouldn’t have changed and they would have probably continued to have such issues (or maybe, even worse ones as the consultant mentioned). I also respect the CEO for not dismissing what she said, it takes a lot to even start to consider that your decisions (since he drove the digitization) could have been a mistake and Chad did it really well – like a true and good leader. He didn’t let ego win, but thought back to what really matters (his values).
I think in terms of relevance to our project, we are going to be dealing with people’s calendars. I would want to get rid of all the information about where and what people are doing at certain times (instead just have it as blocks of time when they are not available or are busy). Access to details about people’s whereabouts is a privacy and safety concern and I would not want to do that to my users.
It takes forever to build trust, but just one incident to break it.
