1. Risky unmanaged devices

Unmanaged devices that have "slipped through the cracks" through staffing changes, updates of business strategy, and mergers & acquisitions introduce the most extreme risks. Nobody knows who's responsible for them, so they never get patched, making them vulnerable to intruders.

2. Vulnerable cloud environments

Temporary cloud environments become vulnerable when abandoned without proper decommissioning. Even worse, many organizations don't even know what networks they have.

3. Previously unknown subnets

Plenty of subnets spring up on their own as if by magic, and if you're not looking for them, there's a good chance you won't even know they exist.