Skip to content

Security Gaps Through Lack of IT Infrastructure Visibility

In a nutshell: Approximately one-third of all IT systems have critical security deficits or misconfigurations; 65 percent of attacks exploit known, already-patched vulnerabilities.

A security report from Arctic Wolf shows: in most cases, cybercriminals use no new vulnerabilities for successful attacks, but rather exploit fundamental management gaps in IT infrastructure. Companies are losing visibility of their systems — with critical consequences.

Arctic Wolf analyzed more than 800,000 IT assets for its current report. The central finding: roughly one-third of all examined systems have at least one critical security control that is missing or misconfigured. 18 percent of systems are neither included in patch nor configuration management. Ten percent have no endpoint protection. Another 17 percent are not captured by classical vulnerability scanners at all, so known security gaps remain undiscovered.

Outdated systems present a particular risk: 19 percent of the examined assets have already exceeded the end of their product lifecycle and no longer receive security updates. These legacy systems are commonly found on older servers, in virtualized environments, or on shared end devices. For CISOs this means significant blind spots in the infrastructure that attackers can deliberately exploit.

The attack patterns confirm this vulnerability: In 65 percent of the security incidents examined by Arctic Wolf, the attack occurred via publicly accessible remote access services. At the same time, a striking trend emerges — all ten most frequently exploited vulnerabilities had been known since 2024 or longer, and patches were already available at the time of the attacks for all of them. The abuse of trust relationships and misconfigurations rose in parallel to eight percent of incidents.

For companies, the challenge lies in establishing complete transparency over the IT landscape. Unmanaged devices, missing security controls, and outdated systems create blind spots that often only become visible after successful attacks. Comprehensive asset management combined with continuous monitoring and consistent hardening of all known systems remains the necessary foundation for CISOs to effectively prioritize risks.


Source: www.it-daily.net · Published July 7, 2026
Lumi AI News — AI-assisted curation according to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.3.

Share on: