Smaller businesses, like the HVAC company that caused the Target penetration in 2013, often think they are too small to be security targets, but SMB cybersecurity can have big implications. Size doesn’t matter as long as your firm has something of value that someone thinks is worth stealing, or a connection that someone thinks is worth exploiting.
In the case of Target, the retail chain had pretty solid cyber-security practices in place. Its Achilles’ heel was a Windows server running on the HVAC vendor’s site that could be compromised. That server breach led to Target’s point-of-sale system being infected with malware, resulting in millions of dollars in subsequent losses.
