/ Blog / By
Achilles Heel in Security

Are People the Achilles Heel in Security? Maybe When it Comes To DNA Testing

Read a great article this weekend titled: A Researcher Needed Three Hours to Identify Me From My DNA

I have two perspectives after reading this article.

My first thought comes from my background and experience in the law enforcement/intelligence field. No doubt the ability for law enforcement/intelligence agencies to leverage DNA databases and the science behind those databases will be an invaluable tool. The methods, procedures and legal guidelines will continue to evolve as reliance on this science expands. I suspect there will be robust efforts in the legislative bodies to ensure this science is not abused. Or at least give the impression our government is trying to curb any abuse. The constant friction between what’s good and how it is governed will continue.

Now let’s look at this from a cybersecurity, data protection perspective. We constantly hear people are the weakest link in security. From succumbing to phishing attacks, using bad password hygiene, not deploying simple upgrades to systems or failure to cascade a security culture throughout the organization. There is a plethora of reasons we hear why people are the primary achilles heel.

I don’t subscribe 100% to the notion of people being the weakest link. But, in the case with commercial DNA testing I do agree. Why would you ever send the most primary element of your identity as a person/human being to a company? I get the basic urge of people wanting to learn their genesis, seek lost family members or overcome a medical need. Fortunately, I have never experienced that need. But, when does the value of protecting your DNA exceed the value you would receive by sharing your most basic identity?

We lecture on the virtues of protecting our SS number, credit card info, birth dates, etc. yet we have this need to give away our basic human identity to unknown commercial entities with no thought of how that data will be used or how it will be protected. Here is a stat from the article you should think about: 15 million people have already sent their DNA sample to two companies, 23and Me and Ancestry

Have to think twice about people being the weakest link. Not because of being inept, but in the case of DNA testing we as humans have to satisfy our primordial need. What do you think?