By the way, other employees of IT departments, then I would like to say about the numerous database vulnerabilities. Yes, no one has canceled numerous errors in system design, unsafe code, but, according to our observations, the weakest link is the database: excessive access rights to objects, access of database administrators to “sensitive data” (card numbers, phones, emails), what to hide, often to connect to productive databases easily selected passwords such as password1234 are used. Only every 5th IT specialist remembers about the recommendations of database vendors.
No one has canceled the human factor either:
data leakage can be not only accidental, but also intentional: after all, up to 90% of all databases that are present in the “black” markets are stolen by company employees, not hackers. And yes, unfortunately, representatives of IT departments who see all the data in the database and understand their value, most often sell this data.