It's the weakest link problem. Uber can have near perfect security but all it takes is a single one out of 20K+ employees to click on the wrong link, install the wrong app or trust the wrong person and suddenly the entire system is compromised. So in that sense your small business is more secure since there are way fewer possible targets.
>Uber can have near perfect security but all it takes is a single one out of 20K+ employees to click on the wrong link, install the wrong app or trust the wrong person and suddenly the entire system is compromised.
In a well run organization it takes a lot more than that. There were a dozen steps in this exploit chain where it could have been detected and blocked. Likely Uber didn't care about security and their security team lacked both political power and resources.
In this case it took both the one employee out of 20k+ getting tricked and the entire (supposedly world class) engineering org that allowed admin authentication credentials to get hardcoded into a globally accessible power shell script exposed on the intranet.
