Earlier this year, the Federal Trade Commission warned companies to take action to address a new cybersecurity risk. The vulnerability is in software known as "Log4j" that many organizations use to log information in their applications, and the agency says it is one of the most dangerous threats identified.
Unfortunately, this is not an uncommon or unusual risk. Businesses today have hundreds of applications installed and connected to their networks which may be a security risk. Many of these applications may not even be supported or used by the organization, but they are quietly running in the background, providing an easy backdoor for cybercriminals.
Most businesses are aware that running outdated operating systems (OS) and server software is an immediate security risk. However, a recent survey has found that almost one quarter (22%) of PC users are still using the end-of-life OS Windows 7, which stopped receiving mainstream support in January 2020.
Today, we will discuss the issues caused by outdated apps and OSes, what is the best way to deal with them, and how to close these security holes.
When an OS comes to the end of its lifecycle, it means that no more updates will be issued by the vendor, including patches for critical security fixes. These "stale" or "dead" apps are a potential liability and growing security concern. During the WannaCry attack back in 2017, 67% of the systems impacted were vulnerable because their owners had delayed an upgrade to Windows 7.
By utilizing end of life applications, it may seem like attacks can come from unexpected places. Even though Office a productivity tool suite (Word, Excel, PowerPoint, Outlook) and may seem unrelated to overall system security, it can still open vulnerabilities to your whole network. Surprisingly, many people still work with Microsoft Office 2003 applications, even though it reached end-of-support in April 2014.
Mobile devices present an equally dangerous threat to a business environment. Mobile phones and tablets are like enterprise PCs in that manufacturers such as Samsung, Sony, Google and HTC only provide support and security patching to a phone OS for so long. A vulnerable phone could allow full access to everything that's on your phone, including your personal and company emails, contact information, your banking details or even record your phone calls.
Fortunately, there are tools to detect when users have outdated apps or dead applications on their PCs and mobile devices. Device management software is a type of management or security technology that enables IT to monitor, manage and secure corporate or personally owned mobile devices that run across multiple operating systems. However, this typically requires the end user or IT department to manually install the management tool on the device. Once the software is installed, the devices can be secured to meet the enterprise's security policy.
The best way to ensure businesses stay up to date is through consistent documentation and a solid set of maintenance and update processes. Centralized management tools like Microsoft's System Center Configuration Manager and others that push software updates for applications or new OSes.
An important tool for IT professionals is RMM, which stands for “remote monitoring and management.” Also called patch management, RMM can monitor and manage virtual machines, laptops, desktops and servers with identical automated deployments. These tools connect to networked PCs, remote devices, mobile device and backups to ensure licenses are up to date, updates and patches are installed and system firmware is current.
Even if you think you are vigilant and protected while online, updating your software is an essential element of security that should not be overlooked, regardless of any third-party security solution’s presence. Businesses that use outdated legacy technology increase their cybersecurity vulnerabilities. In fact, research shows that over 10,000 new malware threats are discovered each hour.
Cybersecurity best practices recommend, for good reasons, that all enterprise apps have all current security patches in place. Bottom line: the cost it takes to recover from a cyberattack caused by an unsupported OS is a lot larger than the cost of upgrading your hardware and training your team.
If you’d like a free assessment of your cybersecurity risks, including outdated software, talk to the experts at Elevity. We can automate updates or help your organization move to cloud-based platforms that don’t require updates to be pushed to individual devices.
