Most of us know the value of keeping our software updated. This includes having the latest virus definitions installed and our operating systems and programs patched against the latest bugs. It’s really just standard practice to update these things.
Why?
It keeps our computers and networks running smoothly while ensuring any security vulnerabilities are fixed before someone can take advantage of them. If you don’t update your software, those weak points in your network security—a popular program or bug-filled browser—could be used by hackers to infect your system with malware. And if outdated software presents a security risk, imagine what kind of damage antiquated hardware can do to your security efforts.
Old hardware can create vulnerabilities that cyber criminals can take advantage of to breach systems. Not only do you have to worry about individuals creating windows of opportunity, but now there’s the chance that simply using your software or equipment—because it’s outdated—could be creating weak spots for hackers to exploit in your network security.
Why keeping your IT assets current matters
Most software and hardware manufacturers assume customers will update their assets to cover the latest issues, most of which include security and functionality fixes. When a new version of something is released, older versions will often receive less support—or none at all. Windows operating systems are a good example of this. When’s the last time you saw anything that supported Windows 98?
If you’re running older hardware, you might face warnings like this when trying to upgrade your OS or other vital software.
With outdated assets, you run into compatibility issues as well; but the most prohibitive aspect of running antiquated resources is the absence of security features.
Malware and hackers are evolving daily, and once something—like an operating system or piece of hardware—is considered obsolete, companies aren’t going to devote the resources to keeping it patched against the latest security threats (this point is known as a product’s end of service life). After that, it effectively becomes “use at your own risk.”
The longer software or hardware has been available to the public, the longer cyber-criminals have had to find its weaknesses, and the less likely you’ll be able to protect yourself against their intrusions.
Previously we discussed how to deal with ransomware and mentioned that many of the police departments who were being targeted by hackers were using outdated assets, such as DOS. This diminished their ability to protect themselves from hackers who were all too aware of the workarounds for DOS systems.
Technology is increasing in complexity, and so are the users behind each piece of hardware and software. This has made older IT assets a serious problem for companies and their cyber security efforts.
The problem of “end-of-life” (EOL) assets
When something is marked at its end-of-life, it is typically done from the vendor’s point of view. At this point, the product will not be compatible with future products from that same vendor. These EOL assets are an issue because many companies do not have practices or procedures in place to audit their EOL IT assets to ensure a timely upgrade is performed; rather, they continue to use outdated products that increase their vulnerability to cyberattacks.
According to CIO Insight, 30-50% of IT assets installed in large businesses, on average, are past their EOL date, and less than one-quarter of organizations can easily access or use data to assess the associated risks.
The lack of visibility of their IT assets “and their associated attributes,” further reports CIO Insight, puts companies at a greater risk of cyberattack. So, the problem extends well beyond outdated software and hardware. A company’s ability to access the data related to its assets is just as crucial as the software and hardware themselves.
Without this information, a company may take too long to realize that a product is approaching its EOL date—or worse, past that date (and perhaps near its end of service life).
Stay aware and upgrade
You can use vendor catalogs to determine where most products are during their life cycle, which allows you to stay informed about the most current software and hardware. While you don’t necessarily have to be a day-one adopter, you can avoid using products that are no longer being supported or are incompatible with future assets. This is one of the simplest ways to reduce vulnerabilities in your system’s security, and keep your IT department one step ahead of cybercriminals.
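As an added illustration (not code from the original article), the audit described above can be run as a simple join between an asset inventory and a lifecycle catalog. The product names, hosts, dates and the 180-day warning window are all constructed assumptions; real dates come from the vendor's catalog.

```python
from datetime import date, timedelta

# Constructed lifecycle catalog: product -> (EOL date, end-of-service-life date).
# Product names and dates are made up; real values come from vendor catalogs.
CATALOG = {
    "ExampleOS 9":  (date(2021, 6, 30), date(2023, 6, 30)),
    "ExampleOS 10": (date(2024, 3, 31), date(2026, 3, 31)),
    "ExampleOS 11": (date(2025, 9, 30), date(2027, 9, 30)),
    "ExampleOS 12": (date(2029, 1, 31), date(2031, 1, 31)),
}

# Constructed inventory; "LegacyPOS 3" is deliberately missing from the catalog.
INVENTORY = [
    ("records-pc-01", "ExampleOS 9"),
    ("hr-laptop-07", "ExampleOS 10"),
    ("web-srv-02", "ExampleOS 11"),
    ("dev-ws-14", "ExampleOS 12"),
    ("till-03", "LegacyPOS 3"),
]

# Worst first, so the report leads with what needs action.
SEVERITY = ["PAST_EOSL", "PAST_EOL", "UNKNOWN", "APPROACHING_EOL", "SUPPORTED"]

def classify(product, today, warn_days=180):
    """Return the lifecycle status of one product on a given day."""
    if product not in CATALOG:
        return "UNKNOWN"          # no lifecycle data: the visibility gap itself
    eol, eosl = CATALOG[product]
    if today >= eosl:
        return "PAST_EOSL"        # vendor no longer ships security patches
    if today >= eol:
        return "PAST_EOL"
    if today >= eol - timedelta(days=warn_days):
        return "APPROACHING_EOL"  # inside the upgrade-planning window
    return "SUPPORTED"

def audit(inventory, today, warn_days=180):
    """Return (status, host, product) rows sorted worst-first."""
    rows = [(classify(p, today, warn_days), h, p) for h, p in inventory]
    return sorted(rows, key=lambda r: (SEVERITY.index(r[0]), r[1]))

if __name__ == "__main__":
    # Fixed audit date so the constructed output is reproducible.
    for status, host, product in audit(INVENTORY, date(2025, 6, 1)):
        print(f"{status:<16} {host:<14} {product}")
```

Assets that come back as UNKNOWN deserve the same attention as those past EOL, since they are the ones the organization cannot assess at all.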