A few weeks ago I recommended that security people at least Be the Caveman and perform basic adversary simulation / red teaming. Now I read "Australia's top enterprises hit by laymen hackers in less than 24 hours":
A penetration test of 200 of Australia's largest enterprises has found severe network security flaws in 79 percent of those surveyed.
The tests, undertaken by University of Technology Sydney (UTS), saw 25 non-IT students breach security infrastructure and gain root or administration level access within the networks of Australia's largest companies, using hacking tools freely available on the Internet.
The students - predominately law practitioners - were given 24 hours to breach security infrastructure on each site and were able to access customer financial details, including confidential insurance information, on multiple occasions.
High-level business executives from the companies surveyed, rather than IT staff, were informed of the tests so the "day-to-day network security" of businesses could be tested. (emphasis added)
Again, my advice is simple, but now it is modified. Be the Caveman Lawyer.
One other point from the article:
Most of the 21 percent of companies who passed the penetration tests owed their success to freeware Intrusion Detection Systems (IDSs), according to Ghosh.
Snort was mentioned earlier in the article. That means you can be a Cheap Caveman Lawyer and still prepare for common threats.