How Unsupported Technologies Threaten Business Security

For all the talk about how the world of work has been forced to modernise and adapt in the wake of the pandemic, many of us are still relying on outdated technologies in the workplace. From government services that use outdated systems to business employees downloading unapproved apps, these unsupported technologies are everywhere. And they’re opening up organisations to unnecessary security risks.

There’s a simple reason why running outdated or unsupported apps and software is dangerous: these technologies don’t provide any assurance of security.

Obsolete software cannot be updated or patched, and hackers know that unsupported applications are an opportunity to get malicious files or code onto devices. As such, malicious actors will almost always target unsupported tech. From a security perspective, this is literally the weakest link in most organisations. 

Legacy technology doesn’t just present security concerns, either. In a recent report released from Virgin Media O2 Business, almost a third of business decision makers said outdated software or hardware is the biggest threat to their business’s efficiency. 

Therefore, businesses must ensure that all the technologies they’re relying on are supported, up-to-date, and secure. For some, this task might seem overwhelming. Where do you begin to find out where the critical security gaps are within your organisation, where products are being used which should have been retired long ago, and how can you bring your systems up-to-date and in line with modern security standards at a reasonable cost? Despite the challenges, these are questions which every business must answer.

Understanding The Risks

Running outdated software or using unpatched applications is a gift to threat actors. One of the most notorious examples of this is the 2017 WannaCry ransomware attack, where attackers exploited a weakness in obsolete versions of Microsoft Windows and hundreds of thousands of devices were infected.

So, knowing when your software or your applications will reach end-of-life status is paramount. It’s not enough to wait until your products are no longer secure before trying to patch or quarantine them while you make amendments.

Plan in advance to phase-out end-of-life technologies or find secure workarounds, and implement these well ahead of time. Note, however, that many application patches, alternative controls or workarounds should only be temporary. Some regulatory frameworks even require businesses to have long-term remediation plans in place when using application patches to ensure the highest levels of security. 

Know Your Infrastructure

The modern workplace means businesses have more technologies than ever before to contend with. Many businesses have BYOD policies, or employees work across multiple devices, accessing business-critical data at home, on personal devices, or on public networks. Any personal application that’s downloaded onto a device used for work should be seen as a potential threat. Those in regulated industries should be especially astute – threat actors look to exploit the apps and tools used by organisations that handle large volumes of critical data – think healthcare, legal, finance. 

Does your business currently understand fully how apps are used across its workforce?

Every business should have complete visibility into the devices used by all employees. This means knowing how many devices are used to access business data and understanding which operating systems and applications are used and installed on these devices. The importance of instituting a strong asset management policy cannot be overstated. In fact, for many cybersecurity professionals, asset management is becoming a key indicator of good cyber health within organisations. The British government’s Cyber Essentials program emphasises the importance of good asset management, too. 

When looking at how applications are used by your employees and across your business, consider what risks - if any - you are willing to take.

Many businesses implement policies that forbid sideloaded apps from being downloaded, for example. When enrolling devices, businesses could install a pre-approved suite of apps from official providers that they’ve deemed secure or business-appropriate. By leveraging the power of Android zero-touch enrollment, apps can be installed before devices are even in users’ hands. This is an effective way to ensure app consistency among all new devices, and to ensure that your business knows exactly what’s installed, and on what device. This makes keeping an up-to-date register simpler and more streamlined.

And with application inventories in place, businesses can keep an active tab on the various apps’ security protections and their patch release dates. 

Test, Test, Test

Now your business knows exactly who’s using what for work, and your software and applications are running the most up-to-date versions. What’s next? The security of these technologies must be put to the test.

When looking at the entire threat landscape, it can be overwhelming for business leaders to determine which threats pose the most risk and should be remediated. Which vulnerabilities are most critical to your industry and to your business? Where are the biggest threats? If you’re going to invest in cybersecurity protections, or newer versions of software or hardware, where will you realise the biggest security gains?

Continuous security validation is a key way for businesses to keep on top of live and emerging threats.

It’s only by actively putting your security defences to the test that you’ll understand where the gaps are, and where your business should focus its remediation efforts. Crucially, continuous security validation and penetration testing that specifically looks at the mobile apps used across your workforce can reveal the vulnerabilities present in these apps, so that your IT teams are notified immediately when an app is deemed risky. 

If your business is relying on outdated or unsupported products, the ultimate goal should be to retire or replace them. In the meantime, prioritise risk management by maintaining complete visibility over all applications and systems used in your workforce, and put your systems’ security defences to the test.

Businesses will never be completely risk-free, but taking steps to mitigate risk is vital for keeping your data, devices, and users secure. There is no reason to trust critical business information to an unsupported operating system or vulnerable application. 

Steve Whiter is Director at Appurity

You Might Also Read: 

Are Your Employees The Weakest Link Against Cyber Crime?:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« The Future Of Artificial Intelligence
Web Application Security Testing: A Complete Guide »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Solarflare

Solarflare

Solarflare is a leading provider of intelligent networking I/O software and hardware platforms that accelerate, monitor and secure network data.

HSI Cyber Crimes Center

HSI Cyber Crimes Center

HSI's Cyber Crimes Center delivers computer-based technical services to support domestic and international investigations into cross-border crime.

Auth0

Auth0

Auth0 is a cloud service that provides a set of unified APIs and tools that instantly enables single sign-on and user management for any application, API or IoT device.

Bufferzone Security

Bufferzone Security

Bufferzone is a patented containment solution that defends endpoints against advanced malware and zero-day attacks while maximizing user and IT productivity.

Remediant

Remediant

Remediant is the leader in Precision Privileged Access Management. We protect organizations from ransomware and data theft via stolen credentials and lateral movement.

Ergon Informatik

Ergon Informatik

Ergon Informatik AG is Switzerland's leading provider of customised software solutions and software products including fraud detection and the Airlock web security suite.

A-LIGN

A-LIGN

A-LIGN is a technology-enabled security and compliance partner trusted by more than 2,500 global organizations to mitigate cybersecurity risks.

Synelixis Solutions

Synelixis Solutions

Synelixis Solutions is a high-tech company founded to provide complete telecommunications, networking, security, control and automation solutions.

National Cybersecurity Preparedness Consortium (NCPC)

National Cybersecurity Preparedness Consortium (NCPC)

The mission of the NCPC is to provide research-based, cybersecurity-related training, exercises and technical assistance to local jurisdictions, counties, states and the private sector.

Horiba Mira

Horiba Mira

Horiba Mira is a global provider of automotive engineering, research and test services including services and solutions for automotive cybersecurity.

SecuLetter

SecuLetter

SecuLetter is able to detect unknown attacks with hybrid approaches, static and dynamic analysis.

Security BSides

Security BSides

Security BSides is the first grass roots, DIY, open security conference in the world!. BSides is a community-driven framework for building events for and by information security community members.

Darkbeam

Darkbeam

Darkbeam provides a unified solution to protect against security, brand and compliance risks across your digital infrastructure.

Skudo

Skudo

Skudo is dedicated to creating innovative best-in-class solutions that protect data exchange with the highest level of security and privacy.

HACKNER Security Intelligence

HACKNER Security Intelligence

HACKNER Security Intelligence is an independent security consultancy delivering comprehensive security assessments across IT security, physical security, and social engineering.

Iolo

Iolo

Iolo develops patented technology and award-winning software that repairs, optimizes, and protects computers, to maximize system speed and performance while keeping them safe.