“Ransomware Doesn’t Scare Me; Listeria Does”
As the case study demonstrates, over-networking systems in pursuit of convenience and cutting costs can unintentionally expose companies to non-negligible risks that could potentially lead to hacking and even catastrophes—they cited the possibility of spreading listeria, a devastating infectious disease. Another example of an industry that could pose risks to public safety if over-networked is drugs/pharmaceuticals. If hacked, not only could secret formulas and internal research be stolen, causing tremendous losses to the company, but if crucial parts of their production systems were to be taken over by an adversary, their products could be subtly tampered with and they could seriously harm or even kill their end-customers. In my opinion, the risks of having the production processes hacked are simply too great to justify putting any crucial systems online. Or, if some processes are online, drug companies—and other companies, for that matter—should have post-production testing mechanisms (that are offline, of course) as a preventative measure to ensure their products are exactly what they intend to distribute. It makes sense to have research and/or secret formulas online in order to facilitate collaboration and have digital backups, but security must not be overlooked and significant investments should be made to keep those things sealed tight.
“Who Invited Her?”
If Sara chose not to speak up, Chad the CEO would have likely gone with the chief information security officer’s recommendation to increase spending for intrusion-monitoring systems—which in my opinion is equivalent to putting a larger band-aid over the wound—and the company would have lost out on an alternative course of action, which would be to directly minimize risks by reducing overall exposure to hacks. Sara would have also personally missed out on an opportunity to share a potentially business-saving idea and would not have gained the CEO’s trust and respect. It took great courage for Sara to speak up in the tense environment of the boardroom, surrounded by men who outranked her and evidently did not take her seriously, and especially since she responded directly to the chief information security officer, who is supposed to be the most knowledgeable. As the article “How to Speak Up When It Matters” states, “it’s crucial to recognize that it won’t necessarily feel easy to do.” Sara must have definitely felt the pressure, but she still chose to speak up since she believed in the value of her contribution. She spoke up in a way that made it clear that she wasn’t trying to dissent but rather suggest something that would help, which likely lessened the social threat of speaking up.
