How Unsupported Technologies Threaten Business Security

Uploaded on 2023-05-19 in TECHNOLOGY--Resilience, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

For all the talk about how the world of work has been forced to modernise and adapt in the wake of the pandemic, many of us are still relying on outdated technologies in the workplace. From government services that use outdated systems to business employees downloading unapproved apps, these unsupported technologies are everywhere. And they’re opening up organisations to unnecessary security risks.

There’s a simple reason why running outdated or unsupported apps and software is dangerous: these technologies don’t provide any assurance of security.

Obsolete software cannot be updated or patched, and hackers know that unsupported applications are an opportunity to get malicious files or code onto devices. As such, malicious actors will almost always target unsupported tech. From a security perspective, this is literally the weakest link in most organisations. 

Legacy technology doesn’t just present security concerns, either. In a recent report released from Virgin Media O2 Business, almost a third of business decision makers said outdated software or hardware is the biggest threat to their business’s efficiency. 

Therefore, businesses must ensure that all the technologies they’re relying on are supported, up-to-date, and secure. For some, this task might seem overwhelming. Where do you begin to find out where the critical security gaps are within your organisation, where products are being used which should have been retired long ago, and how can you bring your systems up-to-date and in line with modern security standards at a reasonable cost? Despite the challenges, these are questions which every business must answer.

Understanding The Risks

Running outdated software or using unpatched applications is a gift to threat actors. One of the most notorious examples of this is the 2017 WannaCry ransomware attack, where attackers exploited a weakness in obsolete versions of Microsoft Windows and hundreds of thousands of devices were infected.

So, knowing when your software or your applications will reach end-of-life status is paramount. It’s not enough to wait until your products are no longer secure before trying to patch or quarantine them while you make amendments.

Plan in advance to phase-out end-of-life technologies or find secure workarounds, and implement these well ahead of time. Note, however, that many application patches, alternative controls or workarounds should only be temporary. Some regulatory frameworks even require businesses to have long-term remediation plans in place when using application patches to ensure the highest levels of security. 

Know Your Infrastructure

The modern workplace means businesses have more technologies than ever before to contend with. Many businesses have BYOD policies, or employees work across multiple devices, accessing business-critical data at home, on personal devices, or on public networks. Any personal application that’s downloaded onto a device used for work should be seen as a potential threat. Those in regulated industries should be especially astute – threat actors look to exploit the apps and tools used by organisations that handle large volumes of critical data – think healthcare, legal, finance. 

Does your business currently understand fully how apps are used across its workforce?

Every business should have complete visibility into the devices used by all employees. This means knowing how many devices are used to access business data and understanding which operating systems and applications are used and installed on these devices. The importance of instituting a strong asset management policy cannot be overstated. In fact, for many cybersecurity professionals, asset management is becoming a key indicator of good cyber health within organisations. The British government’s Cyber Essentials program emphasises the importance of good asset management, too. 

When looking at how applications are used by your employees and across your business, consider what risks - if any - you are willing to take.

Many businesses implement policies that forbid sideloaded apps from being downloaded, for example. When enrolling devices, businesses could install a pre-approved suite of apps from official providers that they’ve deemed secure or business-appropriate. By leveraging the power of Android zero-touch enrollment, apps can be installed before devices are even in users’ hands. This is an effective way to ensure app consistency among all new devices, and to ensure that your business knows exactly what’s installed, and on what device. This makes keeping an up-to-date register simpler and more streamlined.

And with application inventories in place, businesses can keep an active tab on the various apps’ security protections and their patch release dates. 

Test, Test, Test

Now your business knows exactly who’s using what for work, and your software and applications are running the most up-to-date versions. What’s next? The security of these technologies must be put to the test.

When looking at the entire threat landscape, it can be overwhelming for business leaders to determine which threats pose the most risk and should be remediated. Which vulnerabilities are most critical to your industry and to your business? Where are the biggest threats? If you’re going to invest in cybersecurity protections, or newer versions of software or hardware, where will you realise the biggest security gains?

Continuous security validation is a key way for businesses to keep on top of live and emerging threats.

It’s only by actively putting your security defences to the test that you’ll understand where the gaps are, and where your business should focus its remediation efforts. Crucially, continuous security validation and penetration testing that specifically looks at the mobile apps used across your workforce can reveal the vulnerabilities present in these apps, so that your IT teams are notified immediately when an app is deemed risky. 

If your business is relying on outdated or unsupported products, the ultimate goal should be to retire or replace them. In the meantime, prioritise risk management by maintaining complete visibility over all applications and systems used in your workforce, and put your systems’ security defences to the test.

Businesses will never be completely risk-free, but taking steps to mitigate risk is vital for keeping your data, devices, and users secure. There is no reason to trust critical business information to an unsupported operating system or vulnerable application. 

Steve Whiter is Director at Appurity

You Might Also Read: 

Are Your Employees The Weakest Link Against Cyber Crime?:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« The Future Of Artificial Intelligence
Web Application Security Testing: A Complete Guide »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Oracle Cloud Security

Oracle Cloud Security

Oracle’s cloud security solutions enable organizations to implement and manage consistent security policies across the hybrid data center.

RiskLens

RiskLens

RiskLens is a software company that specializes in the quantification of cybersecurity risk.

KZ-CERT

KZ-CERT

KZ-CERT is the national Computer Emergency Response Team for Kazakhstan.

Sintef Digital

Sintef Digital

Sintef Digital carries out research in Information and Communication Technology for industry and the public sector.

Verint Systems

Verint Systems

Verint is a leader in CX automation. The world’s most iconic brands rely on our open platform and team of AI-powered bots to create tangible AI business outcomes, now.

Aspen Insurance

Aspen Insurance

Aspen is a leading diversified specialty insurance and reinsurance company. Products offered include cyber insurance.

OutThink

OutThink

OutThink is a web-based platform (SaaS) that has been developed specifically to identify and reduce risky workforce behaviours and build a risk aware culture.

ACROS Security

ACROS Security

ACROS Security is a leading provider of security research, real penetration testing and code review for customers with the highest security requirements.

Root9B (R9B)

Root9B (R9B)

R9B offers advanced cybersecurity products, services, and training to enhance the way organizations protect their networks.

CyberLab

CyberLab

CyberLab (formerly Chess) is a specialist cyber security company that provides a wide range of security solutions and services.

Adversa AI

Adversa AI

Adversa's mission is to build trust in AI and protect AI from cyber threats, privacy issues, and safety incidents.

Intuitive Research & Technology Corp

Intuitive Research & Technology Corp

Intuitive Research and Technology is an aerospace engineering and analysis firm providing services to the Department of Defense, government agencies, and commercial companies.

Atlantica Digital

Atlantica Digital

Atlantica design and create highly innovative software solutions and solid, scalable and secure IT infrastructures for a constantly evolving market.

GlitchSecure

GlitchSecure

GlitchSecure helps companies secure their products and infrastructure through real-time continuous security testing.

Rydal Group

Rydal Group

Rydal Group is an award-winning, fully pledged communications & managed IT, Security and Energy provider supporting over 1,500 businesses across the UK.

Crytica Security

Crytica Security

Crytica Security is revolutionizing cybersecurity with its patented Rapid Detection & Alert (RDA) system providing real-time malware detection in seconds.