How Unsupported Technologies Threaten Business Security

For all the talk about how the world of work has been forced to modernise and adapt in the wake of the pandemic, many of us are still relying on outdated technologies in the workplace. From government services that use outdated systems to business employees downloading unapproved apps, these unsupported technologies are everywhere. And they’re opening up organisations to unnecessary security risks.

There’s a simple reason why running outdated or unsupported apps and software is dangerous: these technologies don’t provide any assurance of security.

Obsolete software cannot be updated or patched, and hackers know that unsupported applications are an opportunity to get malicious files or code onto devices. As such, malicious actors will almost always target unsupported tech. From a security perspective, this is literally the weakest link in most organisations. 

Legacy technology doesn’t just present security concerns, either. In a recent report released from Virgin Media O2 Business, almost a third of business decision makers said outdated software or hardware is the biggest threat to their business’s efficiency. 

Therefore, businesses must ensure that all the technologies they’re relying on are supported, up-to-date, and secure. For some, this task might seem overwhelming. Where do you begin to find out where the critical security gaps are within your organisation, where products are being used which should have been retired long ago, and how can you bring your systems up-to-date and in line with modern security standards at a reasonable cost? Despite the challenges, these are questions which every business must answer.

Understanding The Risks

Running outdated software or using unpatched applications is a gift to threat actors. One of the most notorious examples of this is the 2017 WannaCry ransomware attack, where attackers exploited a weakness in obsolete versions of Microsoft Windows and hundreds of thousands of devices were infected.

So, knowing when your software or your applications will reach end-of-life status is paramount. It’s not enough to wait until your products are no longer secure before trying to patch or quarantine them while you make amendments.

Plan in advance to phase-out end-of-life technologies or find secure workarounds, and implement these well ahead of time. Note, however, that many application patches, alternative controls or workarounds should only be temporary. Some regulatory frameworks even require businesses to have long-term remediation plans in place when using application patches to ensure the highest levels of security. 

Know Your Infrastructure

The modern workplace means businesses have more technologies than ever before to contend with. Many businesses have BYOD policies, or employees work across multiple devices, accessing business-critical data at home, on personal devices, or on public networks. Any personal application that’s downloaded onto a device used for work should be seen as a potential threat. Those in regulated industries should be especially astute – threat actors look to exploit the apps and tools used by organisations that handle large volumes of critical data – think healthcare, legal, finance. 

Does your business currently understand fully how apps are used across its workforce?

Every business should have complete visibility into the devices used by all employees. This means knowing how many devices are used to access business data and understanding which operating systems and applications are used and installed on these devices. The importance of instituting a strong asset management policy cannot be overstated. In fact, for many cybersecurity professionals, asset management is becoming a key indicator of good cyber health within organisations. The British government’s Cyber Essentials program emphasises the importance of good asset management, too. 

When looking at how applications are used by your employees and across your business, consider what risks - if any - you are willing to take.

Many businesses implement policies that forbid sideloaded apps from being downloaded, for example. When enrolling devices, businesses could install a pre-approved suite of apps from official providers that they’ve deemed secure or business-appropriate. By leveraging the power of Android zero-touch enrollment, apps can be installed before devices are even in users’ hands. This is an effective way to ensure app consistency among all new devices, and to ensure that your business knows exactly what’s installed, and on what device. This makes keeping an up-to-date register simpler and more streamlined.

And with application inventories in place, businesses can keep an active tab on the various apps’ security protections and their patch release dates. 

Test, Test, Test

Now your business knows exactly who’s using what for work, and your software and applications are running the most up-to-date versions. What’s next? The security of these technologies must be put to the test.

When looking at the entire threat landscape, it can be overwhelming for business leaders to determine which threats pose the most risk and should be remediated. Which vulnerabilities are most critical to your industry and to your business? Where are the biggest threats? If you’re going to invest in cybersecurity protections, or newer versions of software or hardware, where will you realise the biggest security gains?

Continuous security validation is a key way for businesses to keep on top of live and emerging threats.

It’s only by actively putting your security defences to the test that you’ll understand where the gaps are, and where your business should focus its remediation efforts. Crucially, continuous security validation and penetration testing that specifically looks at the mobile apps used across your workforce can reveal the vulnerabilities present in these apps, so that your IT teams are notified immediately when an app is deemed risky. 

If your business is relying on outdated or unsupported products, the ultimate goal should be to retire or replace them. In the meantime, prioritise risk management by maintaining complete visibility over all applications and systems used in your workforce, and put your systems’ security defences to the test.

Businesses will never be completely risk-free, but taking steps to mitigate risk is vital for keeping your data, devices, and users secure. There is no reason to trust critical business information to an unsupported operating system or vulnerable application. 

Steve Whiter is Director at Appurity

You Might Also Read: 

Are Your Employees The Weakest Link Against Cyber Crime?:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« The Future Of Artificial Intelligence
Web Application Security Testing: A Complete Guide »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Lloyd's

Lloyd's

As an insurance market, Lloyd’s can provide access to more than 65 expert cyber risk insurers in one place.

DataVisor

DataVisor

DataVisor is a big data fraud detection and anti-money laundering solution.

Garrison Technology

Garrison Technology

Garrison SAVI® is a unique technology for secure remote browsing that can dramatically change the risk profile for enterprise cyber security.

Webtotem

Webtotem

Webtotem's mission is to prevent the global epidemic of website infection and provide every website owner with basic security rights.

HardSecure

HardSecure

Hardsecure supports organizations to face security threats through the adoption of cybersecurity capabilities that guarantee 360º monitoring, visibility, mitigation, and blocking.

MyDocSafe

MyDocSafe

MyDocSafe is an all-in-one document security and e-sign software.

CIBR Warriors

CIBR Warriors

CIBR Warriors are a leading cyber security and networking staffing company that provides workforce solutions with businesses nationwide in the USA.

Framatome

Framatome

Framatome Cybersecurity portfolio is directly inspired by its unique experience in nuclear safety for critical information systems and electrical systems design.

WithSecure

WithSecure

WithSecure (formerly F-Secure Business) is your reliable cyber security partner, providing outcome-based cyber security that protects and enables operations.

Romanian Tech Startup Association (ROTSA)

Romanian Tech Startup Association (ROTSA)

Romanian Tech Startups Association is an umbrella organization that aims to promote, support and represent the interests of tech startups in Romania.

Symbol Security

Symbol Security

Through situational learning, simulations, and a gamified user experience, Symbol strengthens the cyber awareness of employees and helps companies lower cyber risk.

Digital Intelligence

Digital Intelligence

Digital Intelligence offer a full array of products, forensic and e-discovery consulting services and training.

Cyber1

Cyber1

CYBER1 is a leader in cyber security advisory and solutions. We are uniquely placed to help customers achieve cyber resilience and thus, safeguard reputation and value.

Klaatu IT Security (KITS)

Klaatu IT Security (KITS)

Klaatu IT Security is a boutique provider of cyber security services, empowering our clients to prioritise and reduce their cyber risk.

Occentus Network

Occentus Network

Occentus Network is a telecommunications service provider specialized in High Availability Servers & managed Cloud services.

Sekoia.io

Sekoia.io

Sekoia.io is a European cybersecurity company whose mission is to develop the best protection capabilities against cyber-attacks.

ZAG Technical Services

ZAG Technical Services

ZAG Technical Services is an award-winning information technology consulting firm delivering digital transformation solutions, IT assessments, managed services, security, and support.

StrongDM

StrongDM

StrongDM is the leader in Zero Trust Privileged Access Management (PAM).