People regularly ask me “What’s the most common way you actually hack into businesses?”

They look at me with bated breath, expecting some mind-blowing story about zero-days or Hollywood-style exploits.

Instead, I bitterly disappoint them by being honest and telling them that 9.9 times out of 10, I get in due to ‘Password1’ or plain human error.

Not very glamorous. But very real.

One thing I’ve learnt is that security fundamentals are nowhere near as exciting as EDR, SD-WAN or AI. But they’re almost always the difference between me getting in and keeping me out.