When developing ZADIG XDR, a monitoring system for large infrastructures, the company noticed that their clients were increasingly concerned about their smaller suppliers falling victim to cyberattacks, which posed a risk to the clients' overall security.
Their fear, well-founded, was that their dedicated efforts in securing their own systems could be undermined by the behavior of their suppliers.
We are talking about attacks on the 'supply chain,' targeting the weakest link in the chain. It's clear that any attacker prefers to target a small and vulnerable entity rather than a large company, and then navigate within the shared network between these two entities to ultimately go after the 'big fish.