×

The one cybersecurity threat everyone misses

Fingers typing on keyboard
blackred | Getty Images

Companies must be increasingly watchful of security failings at their smaller-sized vendors, a point of particular focus for cyberattacks, senior executives at the Fortune Most Powerful Women conference said Tuesday.

"More and more as the large companies put their defenses in place, the adversaries are going toward their suppliers," said Sondra Barbour, Lockheed Martin's head of information systems. "We really need to pay attention to this."

After a spate of high-profile cybersecurity breaches at major companies like Target and, more recently, Home Depot and JPMorgan Chase, the biggest players for the most part have strong protections to wall off their proprietary information, Barbour and others said. But smaller vendors who can't afford expensive security measures—and yet have links to some of their larger client's sensitive data—are now in the crosshairs of sophisticated hackers.

"They're scanning thousands of businesses every single hour," said Denise Wood, chief information officer for FedEx. "They get into Fazio Bros. Air Conditioner Repair," she said, "and then they're in your network."

"There's a vibrant black market for all these vulnerabilities," Wood said.

Read MoreHackers tried breaching JPM, others

Barbour, Wood and Jamie Miller, chief information officer of General Electric, talked about their own policies of creating more and more elaborate cyberattack scenarios and running fire drills to problem-solve and communicate in case of a future hack.

The lack of emphasis on such practice sessions was one of the problems that Target faced last year, Wood said.

"They didn't include cyberattack in their crisis-response plans, and I think it's a common oversight," she said. Fedex, is taking note, she added, "We already had cyber in there, we're just drilling it much more." Target officials did not respond to a request for comment.

Read MoreHackers' attack struck systems at 10 companies

The executives also reflected on the problem of insider cybersecurity issues at a time when the disclosures made by Edward Snowden, a former Booz Allen Hamilton contractor who exposed U.S. government secrets to which he had access as a consultant, is top of mind.

"A trusted insider can be just as damaging, or worse," Miller said.

Read MoreTake your pick: security or privacy, not both

CORRECTION: An earlier version incorrectly characterized Fazio Bros. Air Conditioner Repair as a hypothetical example and gave an incorrect title for Barbour.