The global average cost of a data breach reached an all-time high of around $4.88 million in 2024, and the figure is expected to keep climbing this year in line with the 10% increase recorded last year. Beyond the direct expenditure needed to recover from an attack, the true cost of a breach extends well past the financial toll. With threats proliferating, breach costs rising and the regulatory environment tightening in turn, organizations must understand how to pivot if they are to adapt and thrive in a volatile cybersecurity threat landscape. Doing so, and ensuring all bases are covered, requires comprehensive infrastructure visibility. As the old adage goes, you can't protect what you can't see.
With over 60% of connected devices invisible to defenders and unmanaged assets linked to 7 out of 10 breaches last year, unknown assets are a considerable hurdle to complete visibility and network security. These latent devices, ranging from decentralized IT systems to IoT and OT devices, are hard to identify and secure, and traditional discovery and vulnerability scanning tools frequently miss them. The resulting blind spots make it difficult for security teams to see the full picture and to detect and respond to threats effectively. Here is how serious it is getting at the nation-state level:
- Flax Typhoon (China) hijacked roughly 200,000 IoT devices, IP cameras among them, for its campaigns.
- Sandworm (Russia) manipulates industrial control systems with precision.
- Elfin (Iran) targets industrial systems to disrupt operations and gather intelligence.
- Lazarus Group (North Korea) zeroes in on IoT and OT devices to exploit their vulnerabilities.
In IoT and OT environments, unmanaged and unknown assets are more prevalent than in traditional IT infrastructure because of the nature of these systems. Many IoT devices, such as smart thermostats, medical devices and industrial control systems, are deployed without proper security measures and are difficult to manage and monitor, creating a larger attack surface and raising the likelihood of a successful attack. As these systems converge with enterprise networks, IoT and OT devices become ideal jumping-off points to other parts of the network, and attackers move fast once a weakness is found: 72% of them can find and exploit a vulnerability within a single day. Once inside, attackers can often evade detection because of an organization's limited visibility, biding their time until the opportunity to steal sensitive information and demand a hefty ransom presents itself.
To fortify their networks, security teams must develop strategies tailored to discovering and securing the unmanaged assets in their environments, and build a thorough understanding of the attack surface as a whole: every device, system and asset an attacker could use to get in.
A larger portion of the IT budget must be allocated to identifying and cataloguing all IoT and OT devices, including the unknown or unmanaged ones hidden within the network. Knowing what they have and where it is vulnerable gives CISOs a clearer understanding of their attack surface and lets organizations take informed, focused action.
Even as security awareness training and controls improve, no system is impenetrable, but a clear picture of the entire environment is an invaluable asset when establishing a comprehensive risk management framework. That process begins with detailed discovery. Traditional discovery tools are simply not built for these environments: they rely on aggressive scanning techniques or authenticated access, which can destabilize sensitive devices (some controllers hang or reboot on unexpected probes) or miss them entirely, especially since IoT and OT devices join and leave the network frequently.
What organizations need is a careful, continuous discovery process, one sensitive enough not to disrupt operations yet robust enough to provide a complete picture of the environment. This means identifying every connected asset, uncovering its exposures, and staying alert to new assets or changes that could put the estate at risk. CISOs must then evaluate how precisely and quickly they can address emerging risks by mapping the paths an attacker could take laterally across the network. This includes prioritizing fixes based on the criticality and exposure of systems, and establishing a clear view of the network to improve segmentation and detect suspicious communication patterns.
Discovery is only the first step. It has to be an ongoing process of not just identifying the devices, but understanding their exposures, connections, and convergence points between IT, OT, and IoT systems in detail. These devices often serve as jumping-off points for more sophisticated attacks, so prioritizing based on their criticality and connectivity is absolutely essential.
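The two paragraphs above describe a process rather than a tool: observe the estate without prodding fragile devices, notice what is new or has gone quiet, map which hosts reach which, and rank controllers by how exposed they are. The script below is an added illustration of that loop written for this page; it is not runZero's code and does not describe any product's behaviour. It works purely from flow records (the kind a SPAN port or NetFlow/IPFIX collector yields), so no packet is ever sent to a device. The flow records, the previous-snapshot inventory and the small port-to-protocol tables are all constructed here for the example; treating a destination port as proof of the protocol is a simplifying assumption a real deployment would replace with protocol fingerprinting.

```python
"""Passive, flow-based asset discovery with change detection and IT/OT
convergence mapping.  Added example for this article; all data is constructed."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Assumption for the example: a destination port identifies the protocol.
OT_PORTS = {502: "modbus", 20000: "dnp3", 44818: "ethernet-ip", 47808: "bacnet", 102: "s7comm"}
IT_PORTS = {22: "ssh", 445: "smb", 3389: "rdp", 443: "https", 80: "http"}
OT_NAMES, IT_NAMES = set(OT_PORTS.values()), set(IT_PORTS.values())

# Constructed flow records: (timestamp, src_ip, dst_ip, dst_port, transport).
SAMPLE_FLOWS = [
    ("2025-01-10T08:00:01", "10.1.0.5",  "10.1.0.20", 445,   "tcp"),  # IT host -> file server
    ("2025-01-10T08:00:04", "10.1.0.5",  "10.9.0.12", 502,   "tcp"),  # IT host -> PLC (Modbus)
    ("2025-01-10T08:00:09", "10.9.0.30", "10.9.0.12", 502,   "tcp"),  # HMI -> PLC
    ("2025-01-10T08:01:00", "10.9.0.30", "10.9.0.13", 47808, "udp"),  # HMI -> BACnet controller
    ("2025-01-10T08:02:00", "10.1.0.77", "10.1.0.20", 3389,  "tcp"),  # RDP to IT server
    ("2025-01-10T08:03:00", "10.1.0.77", "10.9.0.12", 502,   "tcp"),  # unknown IT host -> PLC
]
# Constructed: the IPs known from the previous discovery run.
PREVIOUS_SNAPSHOT = {"10.1.0.5", "10.1.0.20", "10.9.0.12", "10.9.0.13", "10.9.0.30"}


@dataclass
class Asset:
    ip: str
    first_seen: str
    last_seen: str
    serves: set = field(default_factory=set)        # protocols this IP answered on
    uses: set = field(default_factory=set)          # protocols this IP spoke as a client
    talks_to: set = field(default_factory=set)
    talked_to_by: set = field(default_factory=set)

    @property
    def zone(self) -> str:
        """Behavioural zoning: what a device serves or speaks, not which subnet it sits in."""
        if self.serves & OT_NAMES:
            return "OT"
        if self.uses & OT_NAMES and not self.uses & IT_NAMES:
            return "OT"          # pure OT client, e.g. an HMI polling controllers
        if (self.serves | self.uses) & IT_NAMES:
            return "IT"
        return "unknown"


def build_inventory(flows):
    """Derive the asset inventory from observed flows only; nothing is probed."""
    assets = {}

    def touch(ip, ts):
        asset = assets.get(ip)
        if asset is None:
            asset = assets[ip] = Asset(ip, ts, ts)
        asset.last_seen = max(asset.last_seen, ts)
        return asset

    for ts, src, dst, dport, _transport in sorted(flows):
        s, d = touch(src, ts), touch(dst, ts)
        name = OT_PORTS.get(dport) or IT_PORTS.get(dport)
        if name:
            d.serves.add(name)
            s.uses.add(name)
        s.talks_to.add(dst)
        d.talked_to_by.add(src)
    return assets


def diff_inventory(previous_ips, assets):
    """Continuous discovery: which IPs appeared since the last snapshot?"""
    return sorted(set(assets) - set(previous_ips))


def stale_assets(assets, now_iso, max_age_seconds):
    """Devices that went quiet; in OT that is as interesting as ones that appeared."""
    cutoff = datetime.fromisoformat(now_iso) - timedelta(seconds=max_age_seconds)
    return sorted(ip for ip, a in assets.items() if datetime.fromisoformat(a.last_seen) < cutoff)


def convergence_points(assets):
    """IT hosts reaching OT assets: the lateral-movement bridges to review first."""
    return sorted((a.ip, dst) for a in assets.values() if a.zone == "IT"
                  for dst in a.talks_to if assets[dst].zone == "OT")


def prioritize(assets):
    """Rank OT assets by distinct peers reaching them (connectivity as an exposure proxy)."""
    ot = [a for a in assets.values() if a.zone == "OT"]
    return [(a.ip, len(a.talked_to_by)) for a in sorted(ot, key=lambda a: (-len(a.talked_to_by), a.ip))]


if __name__ == "__main__":
    inv = build_inventory(SAMPLE_FLOWS)
    print("new since last run:", diff_inventory(PREVIOUS_SNAPSHOT, inv))
    print("quiet for >3 min:  ", stale_assets(inv, "2025-01-10T08:05:00", 180))
    print("IT -> OT bridges:  ", convergence_points(inv))
    print("OT assets by reach:", prioritize(inv))
```

Run on the constructed flows, the script reports `10.1.0.77` as an asset nobody had inventoried, shows it already talking Modbus to the PLC at `10.9.0.12`, and ranks that PLC first because three distinct hosts, two of them from the IT side, can reach it. That is the practical output of the discovery loop the text asks for: not a list of devices, but the specific crossing points and the order in which to close them.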
Organizations need to move away from fragmented approaches. Tool sprawl is overwhelming security teams: too many tools, too many integrations, and too much noise. Integrations are useful, but they often merely stitch disparate systems together, which leads to duplicated data, discrepancies and missed insights. What is needed is a consolidated approach that combines discovery and exposure management in one platform, with native capabilities that reduce complexity and provide actionable insights.
It is no longer just about stopping the attacker at the front door; it is about knowing what they could target, denying them a foothold, and shutting down their pathways if they do slip in. In the event of a breach, attack surface visibility helps teams respond faster: with detailed asset data, organizations can pinpoint compromised systems, trace how the attacker got in, and contain the incident before it spreads. Knowing where attackers might go next, and closing off every route there, is critical to safeguarding the network.
About the Author
Wes Hutcherson is the Global Technology Evangelist at runZero.
With 16 years of experience in the technology and cybersecurity landscape, Wes has established himself as a seasoned expert in Total Attack Surface & Exposure Management. Wes’s deep expertise extends to Managed Detection and Response, and Offensive Security, areas where he has not only excelled but also shared his knowledge through public speeches, educational series, and published articles and studies.
Wes Hutcherson can be reached online via LinkedIn and at https://www.runzero.com/.