We had our annual penetration test last week. It's a test by some people who know lots of nasty modern hacks against current information systems. These "white hats" run their tests, and then report what they've found. The idea being that in paying for such a report we learn ahead of time what the "black hats" would do to our system if we didn't tighten it up. "Black hats" these days meaning hired technical pros with automated networks of slave systems on the Internet who use their knowledge and tools to logically break into systems with "unfixed" security vulnerabilities. These wonderful people typically work for even more wonderful people: organized crime; certain nation-states; rival companies; you name it.
Our test came back so successfully that I was rather surprised. The small - nay, tiny - vulnerabilities uncovered this year could literally be fixed in a day.