All tech has a life cycle and a best before date, so why are businesses still using systems that have become a risk?
In 2001, Windows XP came to market just as dial-up Internet began to give way to broadband. Sixteen years later, dial-up has been consigned to tech history; not so Windows XP, which is still used by businesses worldwide to run vital applications and services.
This presents a huge problem. Every product has a life cycle, and time is running out for other widely used platforms that are approaching their ‘end of support’ date – most notably, Windows 7 in 2020.
These platforms pose an undeniable security risk, as the latest updates and patches become unavailable once support for the operating system is withdrawn.
Cyber warfare – fought on a legacy battleground
On December 23rd 2015, parts of Ukraine fell dark. Regions in the north and west of the country, including Kiev, lost power, leaving people without electricity for up to six hours.
Power cuts aren’t uncommon, but it was clear to those at the headquarters of the three affected energy distribution companies that something was not right. Phone lines were jammed with bogus calls and those trying to report issues were not able to connect to switchboards.
In the days following the power outage, details started to emerge on the cause. As the situation unfolded, it became clear that hackers were to blame after gaining access to systems and maliciously disrupting the power supply.
The same hackers are believed to have launched a telephone denial-of-service attack to disrupt telephone operations at the energy suppliers. With hundreds of thousands of people affected and the country’s operations disrupted, this was one of the first wide-scale examples of utilities terrorism.
It’s easy to see why utilities companies would be such lucrative targets, and despite cyber attackers being highly technical, they are able to succeed by targeting something that is not so cutting-edge.
By nature, utilities companies all around the world are highly regulated, running specialised apps on legacy operating systems, such as Windows XP, which are no longer supported. As we move into an ever-more digital world, why is it that industries such as this are not using up-to-date and ultimately more secure, supported operating systems?
From XP to Windows 7 – the warning signs are there
While the increased security advantages of upgrading to a more contemporary version of Windows may seem obvious, migrating old applications to new platforms can cause huge incompatibility problems.
Often left with little other than the uninviting option of rewriting unique in-house applications, which are extremely common in the specialised utilities industry, many find themselves doing nothing, lacking the budget, expertise or inclination to do so – and this isn’t a problem that stops at XP.
Stats show that, despite the continued use of Windows XP, Windows 7 is by far the most popular operating system currently in existence.
Thankfully, in terms of Windows 7, there is still time to plan migration away from the platform before support is withdrawn. However, if the applications are working with the same level of operational efficiency that they always did, it is easy to see why companies up until now have chosen to stick with the status quo.
However, it is becoming clear that even if you have the best security solutions on the market, running an OS that is no longer updated leaves you open to attack. Staying unsupported is no longer an option.
Containing the problem
When looking at how to deal with the problem, companies in all sectors will be presented with three options. The first is to rewrite applications to provide compatibility with more modern and secure systems – a costly and time-consuming process. Alternatively, an ostrich approach might appeal: stick with the old stuff and hope for the best.
With the first two options either costly or extremely risky, the third option is a welcome bridge between the two. App delivery has moved on; software exists that allows organisations to take the current app that is so heavily relied on out of its legacy confines, and move it to a system fully supported by its creator.
Compatibility containers can free enterprises from running unsupported environments, and allow old applications to run in new systems by packaging them up and moving them without changing any aspect of the way in which they work.
Through redirection, isolation and compatibility, the previously unsupported applications can be run without change on the latest operating system, which allows them to keep the same characteristics, but with the same level of compliance and security as their modern counterparts.
With the current threat landscape the way it is and organisations in all sectors unwilling to move with the times, the example of the Ukrainian utility company will become more and more common.
Here in the UK we’ve seen similar reported instances, with public sector organisations that hold highly sensitive data still sticking with systems that are ultra-susceptible to attack.
A recent FOIA request for Greater Manchester Police revealed it is but one example, and the ransomware attack on the NHS was undoubtedly proliferated by its widespread use of legacy systems.
Could utilities terrorism be on the horizon for our country before we know it? An almost unbelievable sounding concept, but an all too real possibility.
This is why it is so important for organisations from all sectors to make legacy application planning a big priority, particularly now as even more platforms reach their end of life.
Even more important still, enterprises should find peace in the knowledge that these security risks need not signal the end of the road for important applications that they are not yet ready to part with – a straightforward “lift and shift” can signal the end to a problem that has left many a CIO scratching their head.
Mat Clothier, CEO, CTO & Founder of Cloudhouse Technologies.