When they determine what software package your people or servers operate, which includes OS version and kind, they will raise the likelihood of having the ability to exploit and install some thing in your community. The organization can then choose action and forestall long term threats with procedures like https://www.researchgate.net/publication/365308473_Development_of_Cyber_Attack_Model_for_Private_Network
