Target Hackers Broke In Via HVAC Company
How many integrators have access to client's networks remotely? How many clients know that or gave permission? More than once I've busted an integrator for installing a back door (that's what you call remote access without permission.) I've also done gigs where I was the one setting up the VPN gateway so as to provide valuable productive remote access for trusted supply chain members.
How common is the "we just put in remote access, we never asked" approach? I know nationwide integrators do it (ewww!) so it's not just a trunkslammer problem.