If you have been following the Target breach investigations, you’ll know that they think that it all stated with vendor remote access credentials being compromised – in this case an HVAC service provider. However, many questions still remain unanswered. Like, what sort of authorization and access was allowed for those credentials? What about network segmentation? How was someone with credentials created for submitting invoices able to get to the production network?
How many vendors have access to your networks and systems? Do you have a vendor management program in place? Do you even know who has access?
Contact us if you would like to know answers to questions such as these and many more.