I've stopped wondering. Large companies employ such light-skilled people in the field of security (and not just there) that this simply has to be a topic. People only notice the problem when their house is on fire rather than when it is already a disaster. CFOs appear to be born on the same planet in the same crater.
Last week, I returned from a business trip to a western EU company with more than XX subsidiaries worldwide. I try to keep them anonymous. You'll find out why. Very "modern" manners manage the company. Literally. I got into the building without anyone stopping me or asking me who I am ... the people standing in front of the door let me go. Then I got into a beautiful open space. No lobby or reception. Right in the middle of the building. Straight to the coffee "capsuled" machine and cooling box with everything possible. Since I didn't know anyone there, I was waiting for a "local" who was on his way to the office. So I asked a passing young man if I could make coffee - sure. And if they have WiFi there - of course, there is a password on the board.
So I came to a big board where many (stupid) keywords were written, which are "in" today. And there were two big messages - a password for guests and a password for corporate. So I took the corporate, just for a check. Connected. So I turned on the scanner - everything connected as well. A moment later, the "local" came and greeted me warmly. Subsequently, we continued the topic of our meeting - how do the data science and data security rules for this kind of operation. I handed them my findings - the result - no one was surprised. No one even realized what that meant. "Who would put a long and complicated password in there?"
The next day I saw the same thing on that board as yesterday. Who cares? A data breach?
This company has an evaluation of + XXX M $ and works exclusively with end-customers' data. Much more sensitive than telephone contacts. I will not describe more.
P.S: And the corporate WiFi password was "companyname2021". And, of course, that WiFi was available from outside.