How legacy technology is compromising your cybersecurity

Written by Lewis Huynh, CSO, NinjaOne

Over the past 18 months we’ve witnessed businesses thrive and survive based on their ability to respond quickly to constant changes, with technology being the hero at the heart of this agility.

Yet despite increased awareness that IT infrastructure is more crucial than ever, we are still seeing firms hold on to outdated or inefficient technology, which we all know as ‘legacy technology’. Legacy technology can stifle innovation, drain resources and lead to cybersecurity risks.

To understand the scale of legacy technology in business today, we commissioned the IT Technical Debt report, which surveyed 1,000 IT decision makers in the US, UK, Australia, Germany and France. The findings covered a number of aspects, including the challenges old technology brings to technology investment plans and strategies.

 

Legacy technology in the UK

Our report found that the UK is behind other countries in a number of areas. Alarmingly, one key finding was that nearly half of those surveyed had experienced a cybersecurity incident because of insecure legacy technology.

Respondents also stated the biggest challenge to maintaining legacy technology was managing new and existing security vulnerabilities, and staying compliant with security and data privacy regulations.

UK IT investment and growth are falling behind: only 49% reported an increase in IT budget, compared to 59% globally, and investments in IT modernisation increased in the UK by 54%, compared to 61% in other countries.

UK organisations also saw a declining IT budget: the top challenge to maintaining legacy technology was a lack of budget, followed by managing new or existing security vulnerabilities and security compliance.

The biggest drivers of IT tech debt inside organisations were outdated IT infrastructure and obsolete technology, with respondents indicating that the hardware and software used by their organisations were each about 7 years old.

Maintaining legacy technology can be costly for UK businesses, as it accounts for a significant portion of a technician’s time, driving up labor costs and preventing technicians from performing more valuable tasks. On average, UK IT technicians spent 16 hours a week on legacy tech maintenance and, with an average salary of £47,000, legacy technology maintenance could cost more than £18,800 annually.

The current lack of investment in IT, with the objective of reducing operational expenditures, is instead costing organisations time and money while prohibiting innovation.

More significantly, with today’s digital landscape and the potential of something as severe as an “extinction level event”, the focus on replacing legacy technology should be a critical priority.

 

How does legacy technology compromise security?

Outdated technology eventually reaches an unpatched state as vendors end support and development (“End of Life”). In this condition, the unpatched technology may be attacked frequently and eventually exploited by cybercriminals. Hence, the existence of old technology anywhere in an organisation’s environment represents a serious threat.

So why aren’t organisations acting quicker? There are often one or more fundamental challenges to overcome:

  • Limitations on resources/capabilities to stay current on security trends, findings, and vulnerabilities
  • Manual, time-consuming processes for locating, obtaining, and applying updates
  • Limitations on resources to manage, plan, and implement new technology
  • High expenditure costs for newer technology
  • Evolving compliance, security, and data privacy regulations

As legacy technology becomes more entrenched with the passage of time, and the gap in skills, processes, and resources widens, companies face the looming spectre of “technical debt.” As with financial debts, this buildup of security updates not applied, old equipment not replaced, technology budgets not allocated, and missing skills/expertise will eventually come due.

When it comes to security, we find it’s often the element that’s given the least investment, yet the one that can be the most devastating. But we are seeing a shift in attitudes towards security, and our customers, now more than ever, see it moving up the priority list.

 

How should organisations manage legacy technology?

All organisations face the same issues with legacy tech – it’s the old stuff that doesn’t work without a good few man hours to fix it. Even big players with endless budgets like Amazon face this dilemma – does the cost to fix it outweigh the cost of purchasing new equipment?

Typically IT improvements aren’t viewed directly as a profit enabler but rather as a requirement of operations. But it’s short sighted to focus on the immediate financial impact. Investment in newer technologies will not only enhance security but also improve agility, efficiencies and processes.

To tackle the issue, companies need to make tech debt a board issue and devise a strategy that speaks to their individual needs. Examples of how you can manage old technology better include:

  • Regularly audit all of your organization’s technology at least once a year to ensure all software is up to date and hardware is running efficiently and securely.
  • Put a hard stop on the length of time you keep hardware. Once a laptop reaches 5 years old, make it a policy to replace it. There are plenty of worthwhile not-for-profits that can often make use of donations.
  • Documentation of IT infrastructure, update policies, and special procedures should be updated on a constant basis and made available to the entire team. Today’s IT documentation software makes it easy to automate many aspects of documentation, significantly reducing the maintenance burden.
  • Audit software every year at a minimum to ensure it’s meeting the company’s needs. With the purview of IT and security teams extending across the entire organization, some departments may no longer be using a piece of software that is still linked to the organization and may contain sensitive data.
  • Encourage the team to flag if they have any issues with their devices ASAP. Many of us are guilty of ignoring the signs of ineffective tech but encouraging early intervention will help avoid potential disasters.

Managing tech debt shouldn’t just be seen as making sure ‘the computers work’. The risks involved in not keeping technology up to date can be devastating, and it needs to be front of mind for senior management in the modern business world. It can also benefit the business, as new technologies support better ways of working.