Everyone is a target
There are certain sectors that require stringent physical security measures. Banks, schools, airports, and museums, for example, all need greater security measures because they’re protecting something of high value – money, our children, national security or priceless artifacts.
But in the digital world, everyone is a target, however small you are. In a previous white paper, we discussed the monstrous problem of third-party risk. The challenge with third-party risk is that you can have the tightest security measures in place to protect your organization, but a small supplier can leave you dangerously exposed.
The US retailer Target lost the details of 40 million credit and debit cards through its heating, ventilation, and air conditioning (HVAC) system, which connected to the Internet for remote monitoring. Hackers exploited the vulnerability of the small third-party HVAC contractor, stealing Target’s login credentials and gaining a foothold in its payment systems.