Cybercriminals thriving on companies overlooking fundamental security requirements