Monday, October 28, 2024

What "End Of Life" Means, And The Cyber Risks Of It

If you are an ardent user of Windows, you know that Microsoft typically retires its products after a certain period of time.  The good thing is that it gives customers plenty of notice, and even after a product has been discontinued, it still offers some level of support for a brief period.

While this is a good and even necessary practice, people unbelievably still use outdated software packages even after they have been discontinued.

A notable example of this is one of my cousins.  She works for the Federal Government in a high-level role, and despite this, unbelievably, they are still using Windows 7.  Not only is this bad practice, it is also a very grave Cybersecurity Risk.

If you are using an Operating System (OS) that no longer receives software upgrades or patches of any kind, you are leaving many back doors open through which the Cyberattacker can very easily penetrate and wreak all kinds of havoc.

The typical example of this is Data Exfiltration, where the Cyberattacker steals datasets in a very covert way.  They do this very slowly, bit by bit, and by the time you notice something is missing, it will very often be too late to do anything about it.

By then, the data will likely have been sold on the Dark Web, or the Cyberattacker will be getting ready to launch some kind of Ransomware or Extortion attack.

So, let us explore some reasons why businesses still like to keep outdated software, even though they know they need to upgrade at some point in time.  Here are some findings:

1)     Money:

This is the biggest reason.  True, things are tight with companies right now, so most of them do not want to spend the extra money to upgrade and keep things modernized.  But the truth of the matter is that if you keep using outdated software and hardware well beyond the point where support is no longer provided, you are once again taking a huge Cyber Risk.  And if you suffer a security breach because of this, the cost of recovery will far exceed what it would have cost your business to get the new software.

2)     Shadow IT:

The formal term for this is “Shadow IT Management”.  In the workplace, this refers to one employee looking over the shoulder of another to see their login information (such as the username and password).  But in the situation we are discussing in this blog, it simply means that the CISO and their IT Security team knowingly let employees use outdated software and are fully cognizant of that fact.  Astonishingly enough, according to a recent study, some 47% of companies still let this happen.  For more details, click on the link below:

Unmanaged Devices Run Rampant in 47% of Companies | 1Password

My Thoughts on This:

It could be that some vendors do not clearly communicate to their customers when their products will be discontinued.  But in today's world, that is a huge risk for them to take, as the reputational and branding damage will be exceedingly high if an outdated product a customer was still using turns out to be the culprit in a major security breach.

So here are two tips from my side:

- The CISO and their IT Security team need to keep a constant eye on which products and/or services are coming to an end.  As soon as they get a whiff that something they are using is going to be outdated, plans need to be drawn up immediately for how to procure the next release or update.  Also, plenty of time must be allocated to present a new budget to the C-Suite, with explanations of why these steps are necessary.

- Always maintain a clear line of communication not only with all the stakeholders in your company, but also with the vendors from whom you procure IT-related products and/or services.

Microsoft has done a wonderful job of communicating the “End of Life” of Windows 10 (“End of Life” is the technical term for the point at which a product and/or service will no longer be available and support for it will no longer be provided).  FYI, Windows 10 support will be terminated next year; for more information on that, click on the link below:

Companies “wary” of Windows 11 migration challenges as Windows 10 EOL draws closer | ITPro
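To make the first tip above concrete (keeping a constant eye on which products in your estate are reaching End of Life, with Windows 7 and next year's Windows 10 date as the cases this post mentions), here is a small added Python example that is not part of this post or of any vendor tool.  It runs a constructed asset inventory against a lifecycle table and sorts each machine into "unsupported", "ending-soon", "supported" or "unknown", so the IT Security team has a list to take to budgeting.  The asset names, owners, function names and the warning window are all assumptions; the two lifecycle dates match Microsoft's published end-of-support dates for Windows 7 and Windows 10 but should be refreshed from the vendor's lifecycle pages rather than hard-coded in practice.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Lifecycle table: product -> end-of-support date.
# Constructed for this example. The two dates are Microsoft's published
# end-of-support dates, but in production this table must be populated and
# refreshed from the vendor's lifecycle pages, not maintained by hand.
EOL_DATES = {
    "Windows 7": date(2020, 1, 14),
    "Windows 10": date(2025, 10, 14),
}


@dataclass
class Asset:
    """One row of a (constructed) hardware/software inventory."""
    hostname: str
    product: str
    owner: str


def classify(asset, today, warn_days=180):
    """Return the support state of one asset as of `today`.

    A product missing from the table is reported as "unknown" on purpose:
    silently treating it as supported is exactly how EOL systems get forgotten.
    """
    eol = EOL_DATES.get(asset.product)
    if eol is None:
        return "unknown"
    if eol <= today:
        return "unsupported"
    if eol - today <= timedelta(days=warn_days):
        return "ending-soon"
    return "supported"


def days_remaining(asset, today):
    """Days of vendor support left; negative means support already ended."""
    eol = EOL_DATES.get(asset.product)
    return None if eol is None else (eol - today).days


def eol_report(assets, today, warn_days=180):
    """Group hostnames by support state so each bucket can be actioned."""
    report = {"unsupported": [], "ending-soon": [], "supported": [], "unknown": []}
    for asset in assets:
        report[classify(asset, today, warn_days)].append(asset.hostname)
    return report


# Constructed sample inventory (hostnames and owners are placeholders).
SAMPLE_ASSETS = [
    Asset("fin-ws-01", "Windows 7", "finance"),
    Asset("hr-ws-07", "Windows 10", "hr"),
    Asset("dev-ws-12", "Windows 11", "engineering"),  # not in the table -> unknown
]

# Reference date taken from the post's date so the output is reproducible.
AS_OF = date(2024, 10, 28)

if __name__ == "__main__":
    # A 180-day window flags nothing for Windows 10 as of this date; a
    # 365-day window (a typical budget cycle) does, which is the point of
    # presenting the budget to the C-Suite well ahead of time.
    for window in (180, 365):
        print(f"warn window = {window} days:", eol_report(SAMPLE_ASSETS, AS_OF, window))
    for asset in SAMPLE_ASSETS:
        print(asset.hostname, asset.product, "days remaining:", days_remaining(asset, AS_OF))
```

The warning window is the knob that matters: 180 days is enough to schedule an upgrade, but tying it to the budget cycle (365 days here) is what gets the procurement request in front of the C-Suite before support actually ends.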
