Security Tales: The Untrustworthy Penetrator
Posted: Sat Feb 08, 2025 6:53 am
Vladimir Bezmaly | 06/17/2019
- So, gentlemen, you all know that our company has been planning to conduct an IT and information security audit for a long time. Your suggestions? Financial Director?
- This is very interesting, but, Mr. Director, we have no money! We did not plan such expenses.
- I know. But we were going to go public, and that's a must.
— It is necessary to conduct it, that is for sure. Moreover, you can find this service on the market and relatively inexpensively. In extreme cases, we will only conduct a pentest and say that we have passed the audit. Who will figure it out? Well, we will lie a little. And even then, you need to look for something cheaper.
- Well then, let's go ahead.
Two weeks have passed.
- Mr. Director, the most denmark mobile database conditions were offered by company N. It's quite cheap, and their reviews seem to be quite good. Although, of course, company N is not one of the leading ones. But the leading ones are expensive!
- Okay! Let's sign the contract. Don't forget the non-disclosure agreement.
- Undoubtedly!
Another week passed.
- Mr. Director, we have found vulnerabilities. We can fix them.
- Great! And how much will it cost? Do you need to involve someone or can you do it yourself?
— We'll do it ourselves.
Another two weeks passed, and suddenly the company's data surfaced among competitors.
- What? We were hacked? But why didn't you see anything?
- Alas, we really didn't see anything. Moreover, we still don't understand how it was done!
— Or maybe these are your auditors?
- So, gentlemen, you all know that our company has been planning to conduct an IT and information security audit for a long time. Your suggestions? Financial Director?
- This is very interesting, but, Mr. Director, we have no money! We did not plan such expenses.
- I know. But we were going to go public, and that's a must.
— It is necessary to conduct it, that is for sure. Moreover, you can find this service on the market and relatively inexpensively. In extreme cases, we will only conduct a pentest and say that we have passed the audit. Who will figure it out? Well, we will lie a little. And even then, you need to look for something cheaper.
- Well then, let's go ahead.
Two weeks have passed.
- Mr. Director, the most denmark mobile database conditions were offered by company N. It's quite cheap, and their reviews seem to be quite good. Although, of course, company N is not one of the leading ones. But the leading ones are expensive!
- Okay! Let's sign the contract. Don't forget the non-disclosure agreement.
- Undoubtedly!
Another week passed.
- Mr. Director, we have found vulnerabilities. We can fix them.
- Great! And how much will it cost? Do you need to involve someone or can you do it yourself?
— We'll do it ourselves.
Another two weeks passed, and suddenly the company's data surfaced among competitors.
- What? We were hacked? But why didn't you see anything?
- Alas, we really didn't see anything. Moreover, we still don't understand how it was done!
— Or maybe these are your auditors?