How Unsupported Technologies Threaten Business Security

Uploaded on 2023-05-19 in TECHNOLOGY--Resilience, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

For all the talk about how the world of work has been forced to modernise and adapt in the wake of the pandemic, many of us are still relying on outdated technologies in the workplace. From government services that use outdated systems to business employees downloading unapproved apps, these unsupported technologies are everywhere. And they’re opening up organisations to unnecessary security risks.

There’s a simple reason why running outdated or unsupported apps and software is dangerous: these technologies don’t provide any assurance of security.

Obsolete software cannot be updated or patched, and hackers know that unsupported applications are an opportunity to get malicious files or code onto devices. As such, malicious actors will almost always target unsupported tech. From a security perspective, this is literally the weakest link in most organisations. 

Legacy technology doesn’t just present security concerns, either. In a recent report released from Virgin Media O2 Business, almost a third of business decision makers said outdated software or hardware is the biggest threat to their business’s efficiency. 

Therefore, businesses must ensure that all the technologies they’re relying on are supported, up-to-date, and secure. For some, this task might seem overwhelming. Where do you begin to find out where the critical security gaps are within your organisation, where products are being used which should have been retired long ago, and how can you bring your systems up-to-date and in line with modern security standards at a reasonable cost? Despite the challenges, these are questions which every business must answer.

Understanding The Risks

Running outdated software or using unpatched applications is a gift to threat actors. One of the most notorious examples of this is the 2017 WannaCry ransomware attack, where attackers exploited a weakness in obsolete versions of Microsoft Windows and hundreds of thousands of devices were infected.

So, knowing when your software or your applications will reach end-of-life status is paramount. It’s not enough to wait until your products are no longer secure before trying to patch or quarantine them while you make amendments.

Plan in advance to phase-out end-of-life technologies or find secure workarounds, and implement these well ahead of time. Note, however, that many application patches, alternative controls or workarounds should only be temporary. Some regulatory frameworks even require businesses to have long-term remediation plans in place when using application patches to ensure the highest levels of security. 

Know Your Infrastructure

The modern workplace means businesses have more technologies than ever before to contend with. Many businesses have BYOD policies, or employees work across multiple devices, accessing business-critical data at home, on personal devices, or on public networks. Any personal application that’s downloaded onto a device used for work should be seen as a potential threat. Those in regulated industries should be especially astute – threat actors look to exploit the apps and tools used by organisations that handle large volumes of critical data – think healthcare, legal, finance. 

Does your business currently understand fully how apps are used across its workforce?

Every business should have complete visibility into the devices used by all employees. This means knowing how many devices are used to access business data and understanding which operating systems and applications are used and installed on these devices. The importance of instituting a strong asset management policy cannot be overstated. In fact, for many cybersecurity professionals, asset management is becoming a key indicator of good cyber health within organisations. The British government’s Cyber Essentials program emphasises the importance of good asset management, too. 

When looking at how applications are used by your employees and across your business, consider what risks - if any - you are willing to take.

Many businesses implement policies that forbid sideloaded apps from being downloaded, for example. When enrolling devices, businesses could install a pre-approved suite of apps from official providers that they’ve deemed secure or business-appropriate. By leveraging the power of Android zero-touch enrollment, apps can be installed before devices are even in users’ hands. This is an effective way to ensure app consistency among all new devices, and to ensure that your business knows exactly what’s installed, and on what device. This makes keeping an up-to-date register simpler and more streamlined.

And with application inventories in place, businesses can keep an active tab on the various apps’ security protections and their patch release dates. 

Test, Test, Test

Now your business knows exactly who’s using what for work, and your software and applications are running the most up-to-date versions. What’s next? The security of these technologies must be put to the test.

When looking at the entire threat landscape, it can be overwhelming for business leaders to determine which threats pose the most risk and should be remediated. Which vulnerabilities are most critical to your industry and to your business? Where are the biggest threats? If you’re going to invest in cybersecurity protections, or newer versions of software or hardware, where will you realise the biggest security gains?

Continuous security validation is a key way for businesses to keep on top of live and emerging threats.

It’s only by actively putting your security defences to the test that you’ll understand where the gaps are, and where your business should focus its remediation efforts. Crucially, continuous security validation and penetration testing that specifically looks at the mobile apps used across your workforce can reveal the vulnerabilities present in these apps, so that your IT teams are notified immediately when an app is deemed risky. 

If your business is relying on outdated or unsupported products, the ultimate goal should be to retire or replace them. In the meantime, prioritise risk management by maintaining complete visibility over all applications and systems used in your workforce, and put your systems’ security defences to the test.

Businesses will never be completely risk-free, but taking steps to mitigate risk is vital for keeping your data, devices, and users secure. There is no reason to trust critical business information to an unsupported operating system or vulnerable application. 

Steve Whiter is Director at Appurity

You Might Also Read: 

Are Your Employees The Weakest Link Against Cyber Crime?:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« The Future Of Artificial Intelligence
Web Application Security Testing: A Complete Guide »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Contrast Security

Contrast Security

Contrast Security is the leader in modernized application security, embedding code analysis and attack prevention directly into software.

Logpoint

Logpoint

Logpoint is a creator of innovative security platforms to empower security teams in accelerating threat detection, investigation and response with a consolidated tech stack.

Praetorian

Praetorian

Praetorian is an offensive cybersecurity company whose mission is to prevent breaches before they occur.

ID Quantique (IDQ)

ID Quantique (IDQ)

ID Quantique is a world leader in quantum-safe crypto solutions, designed to protect data for the long-term future.

NSIT

NSIT

NSIT SAS is a consulting, advisory and service provider in IT systems. Solution areas include networking & infrastructure, IT management & administration, and cyber security.

Redstor

Redstor

Redstor's complete data management helps you discover, manage and control your data from a single control centre, unifying backup and recovery, disaster recovery, archiving and search and insight.

Schweitzer Engineering Laboratories (SEL)

Schweitzer Engineering Laboratories (SEL)

SEL specializes in creating digital products and systems that protect, control, and automate power systems around the world.

Celebrus

Celebrus

Celebrus Fraud Data Platform, by D4t4 Solutions, works with existing fraud structures to augment functionality and turn fraud management into true fraud prevention.

EasyDMARC

EasyDMARC

EasyDMARC deliver the most comprehensive product for anyone who strives to build the most secure possible defence system for their email ecosystem.

Zyston

Zyston

Zyston's solutions provide end-to-end management of your cybersecurity needs. Our range of services help protect your business where it needs it the most.

Ontinue

Ontinue

Ontinue ION is an MXDR service that provides Nonstop SecOps through five key capabilities that enable your organization to respond to attacks and continuously reduce risk.

Centric Consulting

Centric Consulting

Centric Consulting is an international management consulting firm with unmatched expertise in business transformation, AI strategy, cyber risk management, technology implementation and adoption. 

Arsen Cybersecurity

Arsen Cybersecurity

Arsen is a French cybersecurity startup, dedicated to enhancing human behaviors in cybersecurity.

Beazley Security

Beazley Security

Beazley Security is a global cyber security firm committed to helping clients develop true cyber resilience: the ability to withstand and recover from any cyberattack.

Stratsec

Stratsec

Stratsec is a global team of experts on a mission to protect human life, well-being and the environment against cyber-driven threats.

NeoGuardian

NeoGuardian

NeoGuardian offer robust solutions to protect your data and systems against cyber threats, with an innovative and fully business-focused approach.