Behind the freshly painted white picket fence, plenty of corporate networks are probably not as far away from this near failure of account security as they’d like to imagine.
I can assure you that this is true.
The boneheadedness of people in the upper reaches of the food chain who delight in "not understanding IT" is 80% of the problem. The opinion that "nobody would attack us" is 20% of the rest.
> You are on an Internet server that seems not to have been updated in a long time.
> You might find a surprise in your webserver file hierarchy.
> You can go [N]orth or [E]ast.
> [N]
> You find a rootkit hidden in C:\Tmp
> [Look]
> The rootkit seems to have sent a lot of data to a Ukrainian IP address.
> [Inventory]
> You have 2 dollars to buy a new USB stick. Otherwise the budget for the year has been exhausted.
> [Leave]