[salamancara]

Heard a story recently of a major MSP forgetting to disable the Ethernet port on the back of a set top box, and it provided access to a VLAN with direct access to the company’s back-end systems. They didn’t have passwords on many of their databases because they assumed the firewall would protect them. Pwnage ensued.

This is a big company you have definitely heard of. You didn’t hear about the data breach because they basically paid the hacker off with a security consulting contract, then said he was a pen tester. This happens all the time.

Most companies are really bad at security. The bigger they are, the worse they are.