Ideally, modern organisations are supposed to operate as a well-oiled machine, with actions in one area serving to assist others in their duties.
This level of interdependence is what provides a business with its efficiencies that makes its service provision or production methods a valuable proposition – the focus of working to strengths and opportunities rather than reacting to market conditions.
However, this same cross-reliance of people and processes needs to be taken into context when undertaking penetration testing and information security reviews.
This is because it can be easy to dismiss a small gap in a firm's digital defences when the information most obviously at stake is not of great importance to the firm or its activities – the costs of protecting it can outweigh the immediate prospect of damage done by malicious external parties.
However, the access gained through one small, seemingly insignificant channel could be used later by the same individuals – or sold on to other participants – to explore for further vulnerabilities.
As security specialists will know, it is important to remember to think of the big picture when assessing the strengths and weaknesses of a firm's defences – because the small gaps that are ignored today could lead to greater problems later on down the track.