As an owner of Both Securely Yours and Securely Managed LLCs in United States, we are delighted to have our subsidiary opened in India.  I have been practicing cyber security since 1989 and have frequently come across the following questions:

1. I am a small company – why do I need to worry about cyber security as the hackers are only interested in large companies. I am probably not on their radar for a cyber attack
2. I am a large or medium size company – I do worry about my suppliers but I don’t focus on small suppliers because they usually don’t have access to our sensitive information

In United States, we have been getting information related to cyber breaches for more than a decade now.  Based on the analysis performed by us, it is clear that a) small companies need to focus on cyber security as much as large companies, and b) large companies can’t ignore the security posture of their smaller suppliers. 

Case in point is the Target hack.  Target is a large retailer in United States and it was breached for millions of credit card records.  The analysis of the breach showed that the hacker initially breached a heating and cooling (small company) who monitored the computer room temperature.  The hacker obtained the user id and password into the Target system from hacking this small company.  And after weeks of analyzing the Target system, elevated its authority and was able to exfiltrate millions of credit card numbers.

The lesson learned is that in this day and age of connected systems, each organization need to look at their extended enterprise (cloud systems, vendors, suppliers, joint ventures etc.) and fully understand the cyber risks, before deciding to believe in these myths.