I work in networking in the US. You do NOT want me to start telling stories about security breaches. I'll share one. Last Nov I was asked to go onsite at the federal IRS office in a large US southern state. I went to some of the storage systems where they keep taxpayer records. I typed in the default root password for the machine and on 7 of 11 of the systems - I was into their storage subsystem as root login. I told the on-site wunderkind who had to be all of 19 years old. He said they had already 'hardened them'. I said it needs to be harder than hard. They also have offsite management networks that breaches the comms firewall with no VPN. Oye.....