In thirteen years of IT work, I had reason to know things about different networks. For one, the login/password on EVERY server in the offices of EVERY agent for a nationwide insurance company is "Admin/PassWord", or something similar.
For a nationwide retailer NOT based in Bentonville, the same info is/ was, to the best of my recollection, Adm1n/Pass2word.
The CEO of a different (larger) insurer has his login/password on a Post-It note stuck to his monitor.
(The people who clean his office could surely make a LOT of money with this little bit of knowledge)
The state of network security is perilous, to put it most charitably.
The ONE system that was relatively secure was a bank for which I did Y2K - EVERY other system was laughable. (Unless there was one or two that I can't recall right now).
Surely my experience is roughly typical - unless I just happened to hit the ONLY insecure systems in the country?
Given that there is effectively no security on many or most of the networks connected to the Internet - why is there not more havoc created by either people who wish us ill or perhaps bored teenagers or Russian cyber-criminals?