“Ransomware Doesn’t Scare Me; Listeria Does”
Cyber attacks on companies in the food and pharmacy industry could cause public safety concerns. For example, a pharma company producing medications should not have their machines connected to the internet. If an attack modified the measures of substances during the medication production, the consumers of these medications might suffer from side effect or even death if there are not enough quality management and control mechanism in place.
Another product that I can think of is baby food. I remember that a while back the German baby food company Hipp was sued because mothers had found glass shards in the food. It doesn’t even have to come to glass shards for a public safety concern to arise. If breaches in the production network were to allow for a manipulation of the amount of salt or sugar in the food that might already be harmful to babies.
Beside the mentioned family recipe in the article, information such as logins to control terminals within the production site, sensitive bank information and other valuable documents such as patents should be stored locally.
“Who Invited Her?”
The fact that Sara spoke up in the meeting was the right thing to do. She had informed herself about the topic and what could be done to protect the company from cyber attacks. Just because somebody is lower in the hierarchy does not mean that they don’t know anything about the topic that is being discussed. When it comes to dealing with a problem that needs solving it should not matter if the person who suggests the best solution is senior or male. Everybody’s voice should count, and gender or hierarchy only hinder the process in this case.
If it weren’t for Sara, they might have simply invested even more money in useless protection systems and could have run into even worse problems down the line. Because she took the initiative to speak up, the consultant was hired and that was a great step in the right direction. Identifying the issue, prioritizing them by severity, and formulating an action plan are all useful steps in dealing with the vulnerabilities. If I were the CEO, I would follow Sara’s advice. I would take the vulnerable systems off the network and store the most valuable documents locally. And I would thank Sara for being such a dedicated employee and encourage her to set an example for other women and junior employees in the company.
