As someone else said, it’s “when” not “if” when it comes to security. You could have the best defences possible, but all it takes is a vulnerability in something public facing, like a zero day (looking at you Equifax and Struts), and you’re instantly at risk.
Plus, this is ignoring the easiest option... just spear phish the employees, won’t be long before you get a catch or two.
Breaches are inevitable, it’s all about spotting them early and minimising their impact. Oh and strong hashes help :)
I don't agree. With proper design a zero day in a web-facing framework should not automatically expose a full database of sensitive user information to the internet.
Plus, this is ignoring the easiest option... just spear phish the employees, won’t be long before you get a catch or two.
Breaches are inevitable, it’s all about spotting them early and minimising their impact. Oh and strong hashes help :)