In practice, many companies do not take such action. They have not initiated any measures to identify and close attack surfaces. The longer a vulnerability exists, the easier it is for the hacker - especially since the defender's dilemma comes into play here: The attacker must find ONE gap in order to be able to exploit it specifically. Companies, on the other hand, ideally have to close all gaps. However, since this is impossible according to the assume-breach paradigm, the motto is: keep the attack surface as small as possible.