I am humbled when I work with companies and find surprising gaps in their IT coverage. Many companies are lucky hackers don’t pay attention to them.
In the past I have brought security concerns to their attention and they appreciated it and worked on them. I often wonder what the cost to them would have been if the hackers found it first. What would their reputation be?
Now even though I help companies with security, my main focus is Intune related technologies. So if I discover something, it is often a glaring security hole.
One company in the past had such poor security that I told the main IT manager straight up that it was a problem. This was when I was a full-time employee. He dismissed it, and months after I left they had a publicized security breach. How unfortunate that he didn’t listen and that may not have happened.
I never take joy in being right if that means that someone suffers. Unfortunately in IT the desire to save money often takes priority over security concerns and that seems to be a dangerous and highly speculative bet I would never make. Still if companies want to roll the dice, that is their choice.
Hackers aren’t necessary smart, they only need to read the vendors documentation to find the vulnerabilities.If your IT isn’t making security a daily concern, then getting hacked is only a matter of time.