Companies Invest in Advanced Security but Neglect Basics

The author, a security analyst for a large company, evaluates acquisitions to ensure they meet security standards. He observes that these companies heavily invest in advanced security services such as MDR, XDR, and 24/7 SoCs, but often overlook basic cybersecurity practices. For instance, they use VPNs without MFA, administrative accounts with default passwords, and internally hosted financial applications with public IPs for connection without MFA.