How Unsupported Technologies Threaten Business Security

Uploaded on 2023-05-19 in TECHNOLOGY--Resilience, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

For all the talk about how the world of work has been forced to modernise and adapt in the wake of the pandemic, many of us are still relying on outdated technologies in the workplace. From government services that use outdated systems to business employees downloading unapproved apps, these unsupported technologies are everywhere. And they’re opening up organisations to unnecessary security risks.

There’s a simple reason why running outdated or unsupported apps and software is dangerous: these technologies don’t provide any assurance of security.

Obsolete software cannot be updated or patched, and hackers know that unsupported applications are an opportunity to get malicious files or code onto devices. As such, malicious actors will almost always target unsupported tech. From a security perspective, this is literally the weakest link in most organisations. 

Legacy technology doesn’t just present security concerns, either. In a recent report released from Virgin Media O2 Business, almost a third of business decision makers said outdated software or hardware is the biggest threat to their business’s efficiency. 

Therefore, businesses must ensure that all the technologies they’re relying on are supported, up-to-date, and secure. For some, this task might seem overwhelming. Where do you begin to find out where the critical security gaps are within your organisation, where products are being used which should have been retired long ago, and how can you bring your systems up-to-date and in line with modern security standards at a reasonable cost? Despite the challenges, these are questions which every business must answer.

Understanding The Risks

Running outdated software or using unpatched applications is a gift to threat actors. One of the most notorious examples of this is the 2017 WannaCry ransomware attack, where attackers exploited a weakness in obsolete versions of Microsoft Windows and hundreds of thousands of devices were infected.

So, knowing when your software or your applications will reach end-of-life status is paramount. It’s not enough to wait until your products are no longer secure before trying to patch or quarantine them while you make amendments.

Plan in advance to phase-out end-of-life technologies or find secure workarounds, and implement these well ahead of time. Note, however, that many application patches, alternative controls or workarounds should only be temporary. Some regulatory frameworks even require businesses to have long-term remediation plans in place when using application patches to ensure the highest levels of security. 

Know Your Infrastructure

The modern workplace means businesses have more technologies than ever before to contend with. Many businesses have BYOD policies, or employees work across multiple devices, accessing business-critical data at home, on personal devices, or on public networks. Any personal application that’s downloaded onto a device used for work should be seen as a potential threat. Those in regulated industries should be especially astute – threat actors look to exploit the apps and tools used by organisations that handle large volumes of critical data – think healthcare, legal, finance. 

Does your business currently understand fully how apps are used across its workforce?

Every business should have complete visibility into the devices used by all employees. This means knowing how many devices are used to access business data and understanding which operating systems and applications are used and installed on these devices. The importance of instituting a strong asset management policy cannot be overstated. In fact, for many cybersecurity professionals, asset management is becoming a key indicator of good cyber health within organisations. The British government’s Cyber Essentials program emphasises the importance of good asset management, too. 

When looking at how applications are used by your employees and across your business, consider what risks - if any - you are willing to take.

Many businesses implement policies that forbid sideloaded apps from being downloaded, for example. When enrolling devices, businesses could install a pre-approved suite of apps from official providers that they’ve deemed secure or business-appropriate. By leveraging the power of Android zero-touch enrollment, apps can be installed before devices are even in users’ hands. This is an effective way to ensure app consistency among all new devices, and to ensure that your business knows exactly what’s installed, and on what device. This makes keeping an up-to-date register simpler and more streamlined.

And with application inventories in place, businesses can keep an active tab on the various apps’ security protections and their patch release dates. 

Test, Test, Test

Now your business knows exactly who’s using what for work, and your software and applications are running the most up-to-date versions. What’s next? The security of these technologies must be put to the test.

When looking at the entire threat landscape, it can be overwhelming for business leaders to determine which threats pose the most risk and should be remediated. Which vulnerabilities are most critical to your industry and to your business? Where are the biggest threats? If you’re going to invest in cybersecurity protections, or newer versions of software or hardware, where will you realise the biggest security gains?

Continuous security validation is a key way for businesses to keep on top of live and emerging threats.

It’s only by actively putting your security defences to the test that you’ll understand where the gaps are, and where your business should focus its remediation efforts. Crucially, continuous security validation and penetration testing that specifically looks at the mobile apps used across your workforce can reveal the vulnerabilities present in these apps, so that your IT teams are notified immediately when an app is deemed risky. 

If your business is relying on outdated or unsupported products, the ultimate goal should be to retire or replace them. In the meantime, prioritise risk management by maintaining complete visibility over all applications and systems used in your workforce, and put your systems’ security defences to the test.

Businesses will never be completely risk-free, but taking steps to mitigate risk is vital for keeping your data, devices, and users secure. There is no reason to trust critical business information to an unsupported operating system or vulnerable application. 

Steve Whiter is Director at Appurity

You Might Also Read: 

Are Your Employees The Weakest Link Against Cyber Crime?:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« The Future Of Artificial Intelligence
Web Application Security Testing: A Complete Guide »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Help Net Security

Help Net Security

Help Net Security has been a prime resource for information security news and insight since 1998.

Futurex

Futurex

Futurex is a globally recognized provider of enterprise-class data encryption solutions.

UNIDIR Cyber Policy Portal

UNIDIR Cyber Policy Portal

The UNIDIR Cyber Policy Portal is an online reference tool that maps the cybersecurity and cybersecurity-related policy landscape.

Prolimax

Prolimax

Prolimax deliver innovative solutions to IT Manufacturers, Distributors, Resellers and End-users including Data Erasure and secure IT Asset Disposition (ITAD)

ArmorText

ArmorText

ArmorText offers a seamless channel for communication and collaboration for organizations concerned with keeping communication data private and secure.

Pentest360

Pentest360

Pentest360 is a 24x7x365 Penetration testing service offered through a feature-rich, centralised platform on the cloud that delivers instant visibility during security assessments.

Nexor

Nexor

Nexor are a UK-based cyber security company with 30 years' experience in secure information exchange.

Cyber Defence Solutions (CDS)

Cyber Defence Solutions (CDS)

Cyber Defence Solutions is a cyber and privacy Consultancy with extensive experience in the development and implementation of cyber and data security solutions to your assets.

3B Data Security

3B Data Security

3B Data Security offer a range of Penetration Testing, Digital Forensics, Incident Response and Data Breach Management Services.

Rimini Street

Rimini Street

Rimini Street is a global provider of enterprise software support products and services, and the leading third-party support provider for Oracle and SAP software products.

Aeries Technology

Aeries Technology

Aeries is a technology services organization offering capabilities in Technology Services, Digital Transformation, and Business Process Management.

V3 Cybersecurity

V3 Cybersecurity

V3 Cybersecurity is a unique company focused on contextualization of security programs from a business perspective. Our mission is to provide enterprise IT Risk Management capabilities.

Bleach Cyber

Bleach Cyber

Bleach Cyber helps small businesses with an affordable and user-friendly solution for managing cloud security.

Sequentur

Sequentur

Sequentur is an award-winning Managed IT Services company. We are SOC 2 certified and provide Managed IT Services and Cybersecurity services to businesses nationwide.

Airlock Digital

Airlock Digital

Airlock Digital was created after many years of experience in implementing whitelisting/ allowlisting solutions in Federal Government and various enterprises in Australia.

Hummingbird International

Hummingbird International

Hummingbird International, LLC offers services for the collection, audit, computer recycling and safe disposal of laptops, monitor/LCD, hard drives, and IT disposal.