Too small to be hacked
Apr 22nd, 2014 by Jesper Kråkhede
Not all my clients are big international companies with subsidiaries all over the world, on the contrary quite a number are small to medium companies with a lot less budget to manage security and hence a lot of my assignments are focused on minimising cost while giving them as much security as possible.
As very few of them has ever experienced a major security incident (hopefully due to my work) they tend to underestimate the risks of ever experiencing a breach. No matter the numbers I produce I´m typically met with the belief that ‘We are too small to be of interest and have nothing that is valuable.’
Quite often that is seldom the case. Even small companies have valuables in one way or another. Most of the times they have some kind of intellectual property that should be protected but at the very least they have infrastructure that an attacker possibly would like to user for their own interest, either as Bit-Coin miners or as a jump station to launch attacks at others, and during the pass time check for credit cards, commit some minor fraud with ordering phones to another address and utilise the affected company´s accounts for hardware purchases.