If you are an
ardent user of Windows, you know that Microsoft typically retires their
products after a certain period of time.
The good thing here is that they give you plenty of time notifying their
customers, and even after a product has been discontinued, they still offer
some level of support for a brief period.
While it is a
good and even necessary thing to do this, unbelievably, people still use outdated
software packages even after they have been discontinued.
A notable
example of this is one of my cousins.
She works for the Federal Government in a high-level role, and despite
this, unbelievably, they are still using Windows 7. Not only is this a bad practice, but it is a
very grave Cybersecurity Risk as well.
If you are using
an Operating System (OS) that no longer offers any type or kind of software
upgrades or patches, you are leaving many back doors open that the Cyberattacker
can very easily penetrate through and wreak all kinds of havoc.
The typical
example of this is Data Exfiltration, when the Cyberattacker will steal the
datasets in a very covert way. They will
do this very slowly, bit by bit, and when you do notice something is missing,
it will very often be too late to do anything about it.
Likely, it
will have been sold on the Dark Web, or the Cyberattacker is getting ready to
launch some kind of Ransomware or Extortion like attack.
So, let us
explore some reasons wat businesses still like to keep outdated software, even
though they know they need to upgrade at some point in time. Here are some findings:
1)
Money:
This
is the biggest reason. True, now, things
are tight with companies right now, so most of them do not want to expend the extra
money to upgrade, and keep things modernized.
But the truth of the matter is that if you use outdated software and hardware
well beyond where no support is provided, once again you are taking a huge
Cyber Risk. And, if you are impacted by
a security breach because of this, the cost of recovery will far exceed the cost
it would have taken your business to get the new software.
2)
Shadow
IT:
The
formal term for this is “Shadow IT Management”.
When it comes to the workplace, this refers to when an employee is
overlooking the shoulder of another employee to see what their login information
is (such as the username and password).
But when it comes to the situation that we are talking about in this
blog, it simply means that the CISO and their IT Security team are knowingly
letting their employees use outdated software and are fully cognizant of that
fact. Astonishingly enough, according to
a recent study, there are still some 47% of companies that let this
happen. To see more details about this,
click on the link below:
Unmanaged
Devices Run Rampant in 47% of Companies | 1Password
My
Thoughts on This:
It could be the
fact that some vendors clearly do not communicate with their customers about when
their products will be discontinued. But
given the world today, that will be a huge risk for them to take, as the effects
of reputational and branding damage will be exceedingly high if an outdated
product a customer was using was the culprit for a major security breach.
So here are
two tips of advice, from my side:
Ø
The
CISO and their IT Security team need to keep a constant eye for what products and/or
services are coming to an end. Once they
get a whiff of something that they are using is going to be outdated, plans need
to be drawn up immediately in how to procure the next release or update. Also, plenty of time must be allocated to
present a new budget to the C-Suite, with explanations why these steps are
necessary.
Ø
Always
maintain a clear line of communication not only with all the stakeholders in your
company, but also with the vendors with whom you procure IT related products
and/or services from.
Microsoft has
done a wonderful job with communicating the “End of Life” (this is the
technical term when a product and/or service will no longer be available, and
when support will no longer be available).
FYI, it will be terminated next year, and for more information on that,
click on the link below:
Companies
“wary” of Windows 11 migration challenges as Windows 10 EOL draws closer |
ITPro
No comments:
Post a Comment