Idle infrastructure might cause your next breach – here’s how to stop it

Attacks on digital infrastructure are high on the worry list for CISOs in every sector. They hit retail giants like M&S, car manufacturers like Jaguar Land Rover, hospitals and even nurseries. Reports of serious cyber incidents seem to land with uncomfortable regularity, rising by 50% in the past year.

There’s plenty of talk about the risks businesses face, usually focused on AI-driven malware, zero-days, and the latest attack techniques – threats they’re constantly trying to keep up with. But the more uncomfortable truth is that attackers are also exploiting what organizations aren’t doing at all.

Many environments still run with thousands of accounts whose passwords never expire, and inactive “ghost” user accounts that are still enabled – a classic case of configure-once, forget-forever access. In parallel, there’s a physical blind spot: USB sticks, external drives and microSD cards stuffed with sensitive data ...