Security Tales: The Untrustworthy Penetrator

[Rakhiraqsdiwseo]

Vladimir Bezmaly | 06/17/2019
- So, gentlemen, you all know that our company has been planning to conduct an IT and information security audit for a long time. Your suggestions? Financial Director?

- This is very interesting, but, Mr. Director, we have no money! We did not plan such expenses.

- I know. But we were going to go public, and that's a must.

— It is necessary to conduct it, that is for sure. Moreover, you can find this service on the market and relatively inexpensively. In extreme cases, we will only conduct a pentest and say that we have passed the audit. Who will figure it out? Well, we will lie a little. And even then, you need to look for something cheaper.

- Well then, let's go ahead.

Two weeks have passed.

- Mr. Director, the most denmark mobile database conditions were offered by company N. It's quite cheap, and their reviews seem to be quite good. Although, of course, company N is not one of the leading ones. But the leading ones are expensive!

- Okay! Let's sign the contract. Don't forget the non-disclosure agreement.

- Undoubtedly!

Another week passed.

- Mr. Director, we have found vulnerabilities. We can fix them.

- Great! And how much will it cost? Do you need to involve someone or can you do it yourself?

— We'll do it ourselves.

Another two weeks passed, and suddenly the company's data surfaced among competitors.

- What? We were hacked? But why didn't you see anything?

- Alas, we really didn't see anything. Moreover, we still don't understand how it was done!

— Or maybe these are your auditors?