Initially you may say yes, but remember, we’re strictly talking about cyber security…
I’ve been a ethical hacker for over 10 years, I love it, I can write wacky blog posts too :)
I used to come across two types of organisations, nowadays I come across three types. So before I would come across an organisation that either takes cyber security seriously or does not. In the case that they do, successful penetration was typically more difficult and if achieved required a higher level of skill and sophistication. The other 70% of companies were typically very easily compromised in a very short timeframe.
The three types of organisations I encounter today:
A. Big budget organisations, high level of security, penetration is ever more difficult and exhausting but they do sometimes make mistakes, and when they do, the adverse impact can be immense.
B. Organisations that take some level of precaution, maybe a pen test once a year, maybe have a staff policy, Firewalls, Anti-Virus all up to date, disaster recovery procedures etc. These organisations tick the boxes and brace…
