In the world of computers, we should trust no one.

If hackers break into the system and steal data that data can be sold in many places. So even if officials can track hackers and put them in jail, that information is gone forever. Or it turns meaningless. If some secretive information about things like stealth materials is delivered to the Internet that material can turn useless. 

The thing that we should worry about is a cyber war that the Russian, Chinese, and North Korean governments are making against Western allies that those countries see as their enemies. The hacking- or cyber espionage, controlled by governments is a real threat. Because governments protect those hackers that means they never go to jail. And then. Another thing is that this kind of hacking can continue even for years, and there is a lot of data that can disappear to the net. 

The problem and threat is that those countries are on a list that denies them to use of things like social media freely. If some North Korean citizen opens a social media account in Europe or the USA, that account is under surveillance immediately. So the Russians and North Koreans can also make contacts with local criminals that they deliver SIM cards and other important things to those countries. That allows them to open social media accounts and other important things that defenders cannot connect with those countries. 

Even if we believe that nothing is interesting in our life we must make sure that our data security is high enough. We might have Facebook friends whose family members or themselves are working in confidential positions. Those people are primary targets for intelligence operators. The banking clerks are also good targets because they might see who pays people's salaries. Sometimes that data reveals that the person works in high-class military-intensive areas. And even access to some Lockheed-Martin buildings makes people interested. 

The access to buildings allows spies to put spy cameras into those houses. And that makes it possible to see highly secured data. So we must also worry about physical security. The firewall will not protect anybody if hackers can walk into the house. 

And then, see passwords from some notebooks that people left on the table. Organized crime members can also search for people who can offer them things like weapon licenses or access to things like narcotic medicines. 

Reseachers make many new things all the time. Most of the systems are not secured. Because the systems themselves are secretive. And they are protected for one reason.  They involve classified or confidential information. And when we think about the modern world hackers can use all information that we share. Even our own identities and things like SIM cards are useful tools in the hands of cyber or data soldiers. 

Those people can open social media accounts in the name of Western people. And that makes it possible to deliver disinformation to Western societies. The trusted application allows data spies to ask people about their relationships with the government authorities. And also people who have keys to things like water supply systems or network-sharing rooms are interesting targets. Those places play a vital role in the society. And making damage to those systems the attacker can try to make people's lives uncomfortable. 

This is why all organizations should do vulnerability testing. All organizations must have zero-trust principles. There should not be people or parts of the systems that are trusted. All information interests some criminal actors or intelligence service. Vulnerability testing means that the system is tested in both levels. People and computers are at different levels. But people operate every system. So, even if there are some kind of written data security orders, organizations must follow that people read and follow those instructions and orders. 

The problem with old-fashioned data protection tools is that they are passive. Those systems didn't make a report if somebody made the login attempts in the middle of the night. 

All instructions are useless if people don't follow them. The AI makes it easier to write things like malicious code. But deny AI doesn't remove malware from the net. The malware like spying tools are not connected to the AI. And the worst thing that people can do is leave the workstations open and automatically log in to those stations. In those cases even the best network sniffers are useless. Maybe hackers try to slip into the offices playing cleaner. 

Then hackers might look for a workstation that is left open and settings allow automatic login. That kind of thing is one of the worst things that can happen. This is why the company should shut down those computers automatically and log them off. There should also be systems. That reports if somebody opens and tries to log into the network outside working time. 

That means that if a person does not have permission for overtime work the system should log that person out when working time is full. Company leaders should know who uses their computers and when they use those computers. The work computers are for work. And own computers are for private use.