Rise in app vulnerability

by Mark Rowe

Outdated and vulnerable apps leave the front-door open for cybercriminals to access data, says Jon Stace, Director of Technology, Software Solved. With the threat from cybercriminals increasing all of the time, organisations have to ensure that their software and app estates are fully up-to-date.

Over the past ten years we have seen plenty of examples of the type of impact that a security breach or flaw can have on organisations, both big and small. The consequences of a data breach for businesses can be severe. According to IBM’s 2022 Cost of a Data Breach Report, more than 80% of organisations have had more than one breach. The report found that the average cost of a breach reached an all-time high of $4.35 million in 2022, which is up by 12.7 per cent over the past two years.

The increased regulatory responsibility and potential reputational damage are also critical issues for businesses that suffer a data breach. Not only could they be faced with a massive fine, but customers inarguably want to conduct business with companies that they deem safe, or at the very least with those capable of protecting their data.

Application (app) vulnerabilities have become increasingly common in recent years. The rapid growth in new application vulnerabilities is outpacing organisations’ ability to identify, test, and deploy patches to correct these issues. As a result, companies are commonly running applications that contain exploitable vulnerabilities.

Technology moves at an alarming speed with innovation pushing things forward. This means that an app that offers the newest features and has up-to-date security quickly becomes outdated. Software has a short lifecycle, and that lifecycle is prolonged with updates and upgrades.

When an app no longer has an update to sustain it, it loses the ability to integrate with new applications and lacks the patches that stop vulnerabilities, making systems susceptible to advanced cyberattacks.

Auditing your software is crucial

When it comes to outdated and vulnerable apps and software, it is always interesting to compare the management of software systems to the management of physical assets such as plant equipment.

Most organisations will have regular service schedules and expected lifetimes for their physical equipment. There is no hesitation within these organisations to undertake such a task; after all, ensuring that physical assets are working optimally, show no sign of deterioration or age, and are not dangerous in the workplace is just common sense.

However, the same common sense is not applied to auditing software. There is an assumption that because it is software it will live on indefinitely. Unfortunately, that is not the case and, in fact, such assumptions can lead to real security issues for organisations.

With the threat from cybercriminals increasing in regularity and sophistication, companies have to ensure that apps and software are updated and supported. Leaving outdated legacy apps open means you are essentially leaving the front-door open for criminals to gain access to data.

Know your legacy

The techniques used by criminals to gain access to data are continuously changing, and therefore any ‘fixes’ that are in place on legacy software are likely to be already outdated and easily broken through. Another of the issues legacy software and apps bring with them is that those who implemented them are often no longer with the company. Those left in the IT departments have no knowledge of, nor any interest in learning about, out-of-date code or technology. The skills gap which this creates means that the management of software collapses and vulnerabilities are not closed.

Third-party providers can help

Inarguably, you can build the protective walls surrounding your networks as high as you like, but if the supporting app technology is seriously out-of-date and not effectively managed, there are going to be easy access points throughout.

Some are turning to independent consultancies with teams of experts who have vast amounts of experience in managing legacy apps. They can also advise and help companies to shift out legacy or at least ensure that software is updated and the latest patches have been downloaded.

With the increasing threat from cybercriminals, organisations have to ensure that their software and app estates are fully up-to-date, supported and have the latest patches downloaded. If legacy apps are still running they have to be managed properly or they can offer an easy route in for cybercriminals, negating all investment in cybersecurity.

© 2024 Professional Security Magazine. All rights reserved.