Protecting the Cheddar

The 21st century has seen major digitalization, but with it, some critical systems have come online, and anything online is vulnerable to attack. As a computer scientist, I have always been interested in questions about the trade-off between getting things online and making them air-gapped. Many businesses handle critical public information: banks, hospitals, Google, Facebook, credit card companies, etc. It is common to hear news of a new breach almost weekly. Recently there was a breach at Uber that revealed some of the company’s internal finances. Any attack on financial or medical institutions can lead to a threat to public safety.

I think most companies classify their user data into multiple levels of privacy, ranging from highly private to moderately private to public. Highly private would include the health and financial information of individuals along with the company’s IP. Moderately private information would be something like company chats or user activity on their website/app.

In my opinion, highly private information should be kept offline (air-gapped, accessible only via VPNs), and moderately sensitive information can be protected with logins.

 

Who Invited Her

Usually, C-level executives are so focused on business outcomes that they are unable to perceive the underlying threats and vulnerabilities a system might have. This was the case with the cheddar company: the C-level executives never thought that taking a system offline and increasing the cost could even be an option. When Sara raised the question of hiring a tech consultant, she challenged hierarchical and gender assumptions, as she was lower in the company rank and was a woman. It was important that she did that; otherwise, the technical vulnerabilities inside the cheddar company would never have been revealed and might have led to the next Listeria. Sometimes a system is best analyzed not by someone who knows it well but by a third party who can look at it more objectively and give better insights.

If the CEO had ignored her, the cheddar company would have kept putting more money into their cyber security and producing more reports about how the attack happened. However, it might never have been able to detect the problems with their technological advancements.
