Take It from a Former Pen Tester: Zero-Days Aren’t the Problem. One-Days Are.

Let’s set the record straight: the greatest risk to most companies isn’t breaking news. It’s known weaknesses that are left unaddressed due to slow patching, poor segmentation, and lack of security hygiene. These are the so-called “one-days,” and they’re the bread and butter of modern attackers.

In a perfect world, these issues would be solved by higher budgets, additional security experts, and more hours in the day. But that is not the world we live in. There isn’t enough security expertise to go around and nobody wants to write bigger checks with no measurable form of ROI to count on in return. So we need to rethink where the money goes and how to supplement the labor we can currently count on. The answer: automation.

Where the Real Risk Lives

I’ve spent my career on both sides of the fence. First, I was a white hat hacker and penetration tester, and today I build tools to protect the same environments I used to break into. I’ve led pen tests on everything from banks to hospitals. What I saw then is still true now: the vast majority of successful attacks exploit known vulnerabilities that simply haven’t been remediated.

Many modern attacks exploit known vulnerabilities for which a patch is available but not applied. In many cases, they’ve been known for several years. Even when nobody inside the company technically knew about them, they’re issues that could easily have been preempted with basic security hygiene and adherence to best practices.

The problem isn’t just that the mean time to patch (MTTP) is too long. It’s that far too many organizations still lack the security maturity to identify, prioritize, and remediate vulnerabilities before attackers take advantage. Poor segmentation, configuration creep, inadequate network hygiene, and human error remain chronic, well-documented weaknesses that give adversaries an easy path in. The fundamentals aren’t failing because we don’t know what to do. They’re failing because we can’t do it fast enough.

Exploits in Plain Sight

I’ve witnessed firsthand how easy it is to exploit the little, everyday vulnerabilities.

Years ago, I conducted a pen test at a hospital. I posed as a patient in the ER waiting room. Behind me was a network printer. No one asked questions when I unplugged it and inserted my laptop. Within seconds, I was inside the corporate network—no segmentation, no access controls. I scanned the environment and discovered the hospital’s entire telephony hub. While testing a denial-of-service tool, I managed to trigger every phone on the hospital floor to ring simultaneously. It was chaotic. This wasn’t a clever zero-day. It was a textbook case of poor network segmentation and lack of printer management—issues that have been well-documented for years in NIST and CIS security frameworks.

Luckily, I was working for the good guys, but imagine the fallout if I had been a black hat hacker who gained full access in a single sitting and deployed a malicious payload. Hospitals need to be reachable. Lives depend on it. And yet, in this environment, a single unmanaged printer became an attack vector.

Banks weren’t much better. One institution had just rolled out a customer referral campaign that sent official emails from the bank inviting new customers to join. We figured out how to flip those emails to send internally and altered the text to create a phishing attack targeting employees. “Choose your holiday gift,” the email read. It led to a fake SharePoint login page we designed to collect credentials. Once inside, we pivoted through internal web portals and eventually accessed sensitive customer data.

Once again, this was a segmentation and a configuration issue, not a headline-grabbing zero-day.

The Human Bottleneck

Security teams know the pain of patching. I’ve been there, too. I once managed security for a pension fund with 20,000 machines. Coordinating updates, validating compatibility, avoiding downtime—it’s a logistical nightmare, especially across hybrid environments with various OSes and endpoints.

But cybersecurity isn’t an excuses business; it’s a results business. Attackers don’t sit on their hands and wait for defenders to get their ducks in a row before they pounce. Every delay, every misconfiguration, every unsegmented printer is blood in the water.

Even with best intentions, most organizations move too slowly. The research shows that for high-priority critical vulnerabilities, most teams can cut their remediation time to an average of about 60 to 150 days. That’s considered good in many industries. Some overachieving teams tout two-week Service Level Agreements (SLAs) as a win—but that’s still 14 days of exposure. In attacker time, that’s an eternity.

Automating the Next Frontier

Defenders have to be right every time. Attackers only need to be right once. Give them a sliver of opportunity, and they’ll take it.

The asymmetry between attackers and defenders is why human-led remediation won’t cut it anymore. The human factor, while crucial, is becoming a bottleneck. Even the most talented engineers can’t keep pace with the scale of modern attack surfaces. It’s too easy to fall behind.

We must adjust our expectations of the role of automation within our security plan. Security workflows must be flipped: automation will handle the bulk of decisions and actions, while human teams validate the edge cases. That’s how we scale.

The future of security will require reducing the time-to-remediation from weeks to hours, or even minutes. That means prioritization must be algorithmic, not based on gut instinct. Remediation must be automated, not ticket-based.

Modern remediation systems need to not only detect and prioritize vulnerabilities but deploy mitigations autonomously—often before a ticket is even created.
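The workflow described in this section, prioritization by rule rather than gut instinct, automation taking the routine fixes and humans taking the edge cases, can be sketched as a small triage loop. This is an added illustration, not code from the article or from Vicarius; the scoring weights, the SLA tiers, the finding records and the vulnerability ids (VULN-000x) are all constructed for the example. It computes, for each open finding, how long the host has been exposed to a known and fixable weakness, checks that window against an SLA, and routes the finding either to automated patching or to a human queue.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Optional


@dataclass
class Finding:
    host: str
    vuln_id: str                       # placeholder ids; not real CVE numbers
    disclosed: date
    patch_available: Optional[date]    # None = no vendor fix yet
    exploit_public: bool               # a working exploit is known to circulate
    internet_exposed: bool
    segmented: bool                    # host sits in a restricted network zone
    change_window_only: bool = False   # e.g. clinical system needing human sign-off
    fixed: Optional[date] = None


def exposure_days(f: Finding, today: date) -> int:
    """Days the weakness has been both known and fixable (or, with no patch, known)."""
    start = f.patch_available or f.disclosed
    end = f.fixed or today
    return max(0, (end - start).days)


def priority_score(f: Finding, today: date) -> int:
    """Constructed weights: exploitability and reachability dominate, age adds up."""
    score = 0
    if f.exploit_public:
        score += 40
    if f.patch_available:
        score += 20    # a one-day: the fix exists, attackers can study it too
    if f.internet_exposed:
        score += 20
    if not f.segmented:
        score += 10    # flat network: one foothold reaches everything
    score += min(exposure_days(f, today), 360) // 30   # +1 per month exposed, capped
    return score


def sla_days(f: Finding) -> int:
    """Tiered remediation deadlines (constructed), tighter as risk rises."""
    if f.exploit_public and (f.internet_exposed or not f.segmented):
        return 2
    if f.exploit_public or f.internet_exposed:
        return 7
    return 14


def decide_action(f: Finding) -> str:
    """Automation takes the routine case; humans take the cases that need judgement."""
    if f.fixed:
        return "closed"
    if f.patch_available is None:
        return "human:mitigate"     # no patch: compensating control (segment, disable)
    if f.change_window_only:
        return "human:schedule"     # fix exists but needs an approved change window
    return "auto:patch"


def triage(findings: List[Finding], today: date) -> List[dict]:
    rows = []
    for f in findings:
        if f.fixed:
            continue
        days = exposure_days(f, today)
        rows.append({
            "host": f.host, "vuln": f.vuln_id,
            "score": priority_score(f, today),
            "exposure_days": days,
            "sla_days": sla_days(f),
            "sla_breached": days > sla_days(f),
            "action": decide_action(f),
        })
    rows.sort(key=lambda r: (-r["score"], -r["exposure_days"]))
    return rows


def automation_share(rows: List[dict]) -> float:
    """Fraction of open findings that never need a human-created ticket."""
    return sum(r["action"] == "auto:patch" for r in rows) / len(rows) if rows else 0.0


# Constructed sample: a long-forgotten unsegmented printer, a fresh web-facing
# bug, a system with no vendor fix yet, a box that needs a change window, and one
# already closed finding.
TODAY = date(2025, 6, 30)
SAMPLE = [
    Finding("er-printer-01", "VULN-0001", date(2021, 3, 1), date(2021, 3, 15), True, False, False),
    Finding("web-portal-02", "VULN-0002", date(2025, 6, 1), date(2025, 6, 10), True, True, True),
    Finding("phone-hub-03", "VULN-0003", date(2025, 6, 20), None, False, False, False),
    Finding("hr-share-04", "VULN-0004", date(2025, 5, 1), date(2025, 5, 5), False, False, True,
            change_window_only=True),
    Finding("ws-05", "VULN-0005", date(2025, 1, 1), date(2025, 1, 2), False, False, True,
            fixed=date(2025, 1, 20)),
]

if __name__ == "__main__":
    for r in triage(SAMPLE, TODAY):
        print(f'{r["score"]:3d} {r["host"]:14s} {r["exposure_days"]:5d}d '
              f'sla={r["sla_days"]}d breached={r["sla_breached"]} -> {r["action"]}')
```

The point of the loop is the routing, not the exact weights: anything with a patch and no special handling requirement goes straight to automated deployment, so the human queue contains only the findings with no fix or with a real operational constraint. In the sample the printer that has sat unpatched for years lands at the top, well past its two-day SLA, while the telephony hub with no vendor fix is the only item that genuinely needs an engineer to pick a compensating control.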

Speed Is Survival

Breaches will happen. That part is inevitable. But if you can shrink the opportunity window from months to minutes, you’ll drastically reduce the blast radius. That’s the difference between a bullet point in a meeting with your CISO and a Bloomberg headline.

As someone who used to break in, trust me: the defenders who win are the ones who move fastest. And today, that means the ones who automate first.

About the Author

Roi Cohen is CEO and Co-Founder of Vicarius, where he leads the sales, marketing, and customer success teams of a cyber security company that provides exposure management solutions for enterprises. With over twenty years of experience in the cyber security industry, Roi has a strong track record of building and managing high-performing teams, delivering innovative products, and exceeding revenue goals.

Roi’s expertise in cyber security stems from his previous roles as a malware research team leader at CyberArk and CYBERTINEL, where he initiated and conducted multiple vulnerability research projects, developed cyber security assessment tools, and wrote and submitted patents in the cyber security field. He also has an MBA in Management of Technology, Innovation, and Entrepreneurship from Tel Aviv University, which equipped him with the skills and knowledge to create and execute effective business strategies in the tech sector. He is passionate about solving complex cyber security challenges and empowering its customers with cutting-edge solutions.

Roi can be reached online at https://www.linkedin.com/in/roicohen/ or https://www.vicarius.io/
