Cybersecurity is not an IT Problem

O P I N I O  N

People sometimes ask why IT can’t fix the cybersecurity problem.  The reason is pretty simple.  Cybersecurity is not an IT problem.

IT can make systems very secure.  Only problem is that employees won’t be able to get their job done.  No mobile.  No WiFi.  No personally owned computers.  Really long complex passwords.  You get the idea.

Several British companies have decided that the way to improve security is to implant a microchip in the hand of several hundred thousand employees instead of giving them a badge.

After all, what could go wrong?

Kind of like your cat.  After all, the pet door that is supposed to open with your cat’s chip always works, right?

If an employee wants to go to the bathroom, wave your hand in front of the bathroom door.  If you have already taken a bathroom break this morning maybe the door won’t open.

What happens when your “badge” stops working (I am sure that those of you who have a work badge or have gone to a hotel have never experienced that)?

Who pays for the medical bills if there are complications?

What happens when you change employers?

And, of course, you can’t turn it off on the weekends or at night.

Can you opt out?  Your cat didn’t have a choice.

Now the PR Spin.

KPMG said it was not considering microchipping it’s employees and would, under no circumstances, consider doing so.

So while, apparently, some employers ARE considering microchipping their employees, think about this:

  • Equifax couldn’t patch all of their servers
  • Target didn’t isolate a server that a refrigeration vendor used to find out what cooler needed repair from their credit card system
  • Home Depot wasn’t PCI compliant when they were hacked;  their lead security engineer was a convicted felon (Ricky Joe Mitchell was convicted of sabotaging his former employer) and it has been widely reported that when the security team asked for more funding to improve security they were told that Home Depot was in the business of selling hammers – how does this help us sell more hammers.
  • It seems that every week we hear about another company that “accidentally” allows anyone on the planet to download the content of their Amazon S3 storage buckets containing userids, passwords and all kinds of confidential information.

If businesses cannot handle the security basics, microchipping their employees is not going to help.

99% of the time, security is about the basics.  Every now and then it requires heroic efforts, but those times are relatively few.

This issue is gonna be with us for a while.  A long while.  Anyone who is hoping for a silver bullet solution – I have a bridge in Brooklyn for sale cheap.


Information for this post came from Slate and The Guardian.

Leave a Reply

Your email address will not be published.