Many early adopters of digital technology – especially those in government and critical infrastructure – are still using the same systems decades later. Given the initial cost and long lifecycle, it’s unsurprising they’re reluctant to upgrade to more modern options. But reliance on these legacy systems makes you a prime target for bad actors and cybercriminals.
Anatomy of a legacy system
To keep any organisation thriving, there must be continual investment in the resources and systems used for daily operations. This includes the mission-critical hardware and software that manages internal and customer-facing operations. To gain the greatest return on investment, these are often used for as long as possible. But therein lies the problem.
Many organisations have built their entire ecosystem around these technologies, layering subsequent newer technology on top to create a complicated system shaped by multiple generations of employees – all of whom have varying degrees of technical nous. Moreover, retiring these legacy systems requires a significant financial investment – testing and procuring the right technology, as well as spending time and human resources establishing new system processes. It’s no wonder so many decision-makers are loath to overhaul their core systems, no matter how outdated they may be.
Threats to your business
In many cases, these decision-makers focus on the risks and costs of embracing new technology while failing to account for the risks associated with the existing systems. Legacy systems suffer from a lack of manufacturer support and a shortage of personnel skilled enough to maintain them – which creates insider risk – but perhaps the most pressing issue is that they simply can’t support the modern workplace.
As systems age, so too do the employees with the expertise to operate them. The external talent pool that understands the inner workings of these systems also grows smaller, creating room for both intentional and unintentional insider risk. Bad actors may use the opportunity to exploit the legacy system, recognising known vulnerabilities in older technology, while others may unintentionally make changes that cause downtime with catastrophic effect.
The COVID-19 pandemic has also fundamentally changed the way businesses operate. The borderless modern workplace creates a challenge for organisations that run legacy systems because they were not built to support a remote workforce or other policies like BYOD. Clumsy workarounds – rather than investing in upgrades – can expose critical systems directly to the internet, increasing the opportunity for cybercriminals to attack.
The price you pay
There’s no doubt that changing a system with legacy technology can be costly, but continuing to run these systems has a significant impact on both security and productivity, on top of the intrinsic costs of maintenance, training, poor documentation and expensive data conversions. A ‘rip-and-replace’ approach isn’t always feasible, which is why you should consider solutions that plug into and leverage your existing technology.
There are also a few steps you can take to defend your high-risk targets without completely replacing the system:
- Conduct a risk assessment
- Identify and isolate legacy systems
- Determine which systems can be upgraded and create a plan for them
- Ensure no legacy system is internet-facing
- Harden all infrastructure surrounding the legacy system
- Create strong policies around who has access to these legacy systems
Without the proper due diligence, running legacy systems leaves you vulnerable to breaches and cyberattacks. The cost of reputational damage, as well as the financial cost of data loss, business disruption and regulatory penalties, will far outweigh the cost of implementing the right technologies and policies to insulate your legacy systems. It’s up to you to identify the risks and seek out the appropriate solutions.
Daltrey’s identity technology plugs into and leverages your existing access management system, strengthening what you already have.