Big Company/Agency Cyber Issues… Check your suppliers… Is the SMB the weakest link?

Chief Executive Officer at NetWatcher
July 01, 2015

The OPM hack and loss of data looks like it originated from one of its contractors (reference the testimony here and go to 00:14:50 in the video). The Target hack and loss of data also came from one of its HVAC contractors.  More here. “CVS, Rite-Aid, Sam’s Club, Walmart Canada and other large retail chains have suspended their online photo services following a suspected hack attack against a third-party service provider that may, in some cases, have resulted in the compromise of payment card data.” More here. For the last several years Fortune 1000 companies have been installing security software, creating governance models and hiring security professionals to fend off the ever increasing cyber related attacks on their companies (more here).  However, the Small & Medium business markets (SMB) have been doing almost nothing to defend their infrastructure from malicious bad actors (more here, here, and here).  Why?  Because they can’t afford the protection (40% don’t have the budget more here), they can’t hire the expensive cyber security analysts required to manage very complex cyber security solutions (more here) and their executives do not understand the cyber security problem (until it’s too late).  The problem is that bad actors know this and they are using this soft underbelly in our infrastructure to infiltrate critical systems.  They know that these small companies are easy ways into big companies.  How?  Just follow any companies supply chain—for example, take a large aircraft manufacturer building the next jet liner and you will find more than 2,000 suppliers in over 20 countries delivering the components, parts, systems and hardware that is required to assemble the aircraft.  If you look at some of those suppliers you will find the same thing (they each have several suppliers and so on…).  This corporate to corporate commerce is what keeps our global economy going and growing.  The problem is that all of these supplier companies do not have the same emphasis on securing their networks as the large aircraft manufacturer—that creates a big hole and one that a bad actor can exploit.  If the bad actor can compromise the big company (aircraft manufacturer) via one of the suppliers in their supply chain they will easily do it.   If you don’t believe me, read the Symantec Corporation 2015 Internet Security Threat Report, where it outlines that small and mid-size businesses suffered data breaches more often than larger firms. We built Defensative’s NetWatcher Managed Cyber Security Service specifically for the SMB market.  We designed the service to be low cost yet very high value, easy to install and easy to use.   For more information email