The IT environment is never perfect, but like the leaning tower of Pisa, with decent upkeep, it can last long. Basic cyber hygiene practices can keep the lights on and even legacy systems that have no current security patches available may be set behind a firewall and maintain integrity for a long time.
But here’s the secret, you have to know where the upkeep is most needed in order to hold the tower from collapsing and make sure that what you have in place is just enough to get you by.
To do so, a new approach to security validation is required, one that is always-on, and challenges the organizational attack surface to its fullest. Wiki for the Pisa tower and the engineering around keeping it standing here.