What a technician says
“Your applications have SQL injection vulnerabilities.”
What it means for you
A flaw in one old internal system could allow someone to view, change, or delete business data.
Translation
Sixteen examples of what cyber and IT reports actually say — and what each finding means for your business. After the examples, three rules for translating any report yourself.
What a technician says
“Your applications have SQL injection vulnerabilities.”
What it means for you
A flaw in one old internal system could allow someone to view, change, or delete business data.
What a technician says
“You are using SA credentials across multiple databases.”
What it means for you
One reused master password could give total control over your company databases.
What a technician says
“There is no segmentation between virtual servers.”
What it means for you
If one system is compromised, the attacker may be able to move into others — because everything is too closely connected.
What a technician says
“You have no CI/CD or deployment controls.”
What it means for you
“CI/CD” is the automated pipeline for testing and releasing changes. Without it, changes are made by hand. Mistakes are hard to prevent, hard to spot, and hard to reverse. There's no record of what changed when.
What a technician says
“Users are using AI to create Node.js applications.”
What it means for you
Staff are now able to create software that touches company data — even if they do not understand the risks.
What a technician says
“Several internet-facing servers have unpatched critical CVEs.”
What it means for you
Old, well-known holes are still open. Most ransomware doesn't use new techniques — it uses these old holes. Patching is the single most effective cyber activity, and it isn't being done.
What a technician says
“There is no MFA on privileged accounts.”
What it means for you
A single password — if leaked, guessed, or phished — gives the attacker full admin rights. MFA on admin accounts blocks the most common SME breach.
What a technician says
“Your backup tier is not immutable.”
What it means for you
If ransomware reaches your backup system, the backups themselves can be encrypted or deleted. You have a backup until the moment you need it.
What a technician says
“Your TLS configuration receives a B grade and uses TLS 1.1.”
What it means for you
The padlock in the browser doesn't actually protect customers the way it should. Older versions of the encryption can be broken.
What a technician says
“Stale accounts exist for users deprovisioned more than 6 months ago.”
What it means for you
People who left months ago can still log in. If their credentials were ever leaked, or guessed, they're a free way back in.
What a technician says
“Authentication endpoints have no rate limits.”
What it means for you
An attacker can attempt a password a million times until one works. Without limits, brute-force is just a matter of patience.
What a technician says
“Logging is local-only with no centralisation or retention.”
What it means for you
If you're attacked, you won't be able to tell what happened, how, or for how long. Insurance claims and ICO conversations both go badly when there's no log evidence.
What a technician says
“BYOD devices are not enrolled in MDM.”
What it means for you
Personal phones and laptops with company email are unmanaged. If one is lost, you can't wipe the work data; if one is hacked, you can't see it; if the owner leaves, the data goes with them.
What a technician says
“DNS is not under direct organisational control.”
What it means for you
Whoever holds your DNS records controls your email and your website. If that's your old IT supplier or a contractor, they have a lever you don't.
What a technician says
“Firewall rules have not been reviewed in 18 months.”
What it means for you
The internet keeps your front door — and the rules deciding who gets in are out of date. Old rules for staff who left, for tools you don't use, or for tests that never ended.
What a technician says
“There are 23 Power Automate flows running with no documentation.”
What it means for you
Important business automations live in one person's account with no oversight. If they leave, the flows stop — or worse, no one knows they ever existed until they stop.