Investing in tech is strangely a questionable action for most business owners, typically having an "if it ain't broke don't fix it" attitude. Which is understandable, I mean investing in new tech can be timely and costly, especially if you've got a large number of computer users in the organisation. However, when you realise the vulnerabilities your opening yourself too and weigh the potential cost if a data breach was to happen, not to mention the damage it'd do to the organisation's image. It might change your outlook on how you view tech investment overall.
The NHS was one of the high profile victims this year due to poor investment in their I.T; having their data compromised by the infamous WewannaCry ransomware attack in May. Due to 90% of the systems still running the legacy old 'Windows XP' operating system. The operating system which Microsoft introduced in 2001 and declared its EOL (end-of-life) in April 2014. Meaning, if any new bugs or exploits are found then they will remain unpatched by Microsoft, leaving your computer open to new attacks.
Despite being warned in 2012 to re-evaluate this, the NHS at the time relied heavily on specialised legacy software. Which the process of testing new or updated versions of critical software could disrupt patient care. However, the outbreak cost them a lot more than it would have if they simply managed their IT better. Their negligence resulted in the disruption of 81 English health trust were disrupted, leading to the cancellation of an estimated 19,494 medical appointments, including 139 potential cancer referrals.
"52% of businesses are still running at least one instance of Windows XP" (Spiceworks, 2017)
In the table below you can see the current dates that Microsoft will be ending support for various operating systems. Giving you an idea of how much time you have until you should update your systems.
|Operating System||End of life date|
|Windows Server 2008||14/01/2020|
|Windows Server 2012||10/01/2023|
Not only software but hardware needs to be regularly evaluated being as they work coherently together. By having outdated hardware means you can't install the latest operating system as each update requires hardware specifications in order to run it; which is the same for running the latest applications.
"73% of companies are using vulnerable, end-of-life networking equipment" - Softchoice, 2016
End-of-sales devices have around two-to-five years before the manufacturer eliminates support. Organisations must plan ahead and account for the cost of replacement devices before they become end-of-support. End-of-support devices that remain on a network too long increase the risk of potential breaches.
Top factors to be considered are security, scalability, and reliability. Ask yourself does this piece of tech meet security standards? Will it be able to handle more load when upgrading the network infrastructure in the future? How reliable has it been for me in the past? Below is a table which states the estimated life of your devices.
|the Average life cycle|
|Cell phones||2 Years|
|Laptop PC||3 Years|
|Desktop PC||4 Years|
|Networking gear||5 Years|
Main risks of using expired Hardware & Software:
- Lack of vendor support: Vendors guarantee ongoing support with a product that is still in service. Once a product/service goes end-of-life or end-of-support, the vendor is not required to support it. This means that updates will not occur and the product/service can become a risk or vulnerability as explained next.
- Cybersecurity: Once a product is no longer supported, software updates will not occur which means newly discovered vulnerabilities will not be addressed. For this reason alone, you should update ASAP. A firewall and anti-virus are not sufficient protection against unpatched vulnerabilities, which hackers are quick to exploit.
- Non-compliance (licensing): Entrusting your critical information to a decade-old OS or an unsecured application? Just stop. In addition to security lapses, it could result in big fines, company shutdown or possibly jail time.
- Poor performance and reliability: If a core application or hardware component fails or becomes unreliable and a change is made on your network, you cannot go back to the manufacturer to ask for assistance (because its coverage has expired or gone end-of-life). This will result in spending additional hours diagnosing and resolving the issue often by purchasing a newer, supported version.
A good thing about using a Managed Service Provider (MSP) is that we will manage the terms of the lease and determine when to upgrade your technology and how to dispose of the old ones. When this time approaches well determine whether the approximated lifespan matches the actual condition of the hardware or software.
"The misconception is that fewer at-risk devices make an organisation less vulnerable, but it only takes one to bring down an entire network." David Vigna (Cisco Practice Director)
Fundamentally whatever time, money or disruptions companies think they're saving by sticking to older software or hardware is an illusion. The potential risks outweigh the conveniences with cyber threats only escalating more and more.
The digital revolution has transformed the way we live and work, but we have to be ready for the vulnerabilities it brings too. If you would like to discuss how we can help take away the headache of IT support for your business or would like more information, click here to book a call with one of our consultants. Alternatively contact us here.