Solution may cause more problems
While I applaud the inspector general for attempting to find a root cause of the hacking of the S.C. Department of Revenue, his solutions are classic reactions that won’t fix the problem and may even make the state more vulnerable.
The event that caused the security breach was a single opening of a malicious (aka phishing) email by a state employee. The inspector general is critical of decentralized security and the recommended solution is the creation of centralized security and a new chief security officer.
However, security is always decentralized. It is the responsibility of every state employee with a computer. The more effective solution is frequent employee training, periodic assessments, and the need for every state employee to assume responsibility for security. It really is everybody’s job.
The inspector general’s solution will likely create an atmosphere of “security is their job” and not mine. Such a prevailing attitude will create convenient escape goats and invite another incident.
Notice about comments: