Ronnen Brunner explains that legacy systems pose a very real threat to organisational security as well as to process efficiency: IT leaders need the courage to face up to uncertainty
Legacy systems can be found at the heart of many large organisations, and they remain in place for decades, often due to the cost and complexity of replacing them. Yet most are relics of the past: they are not compatible with today’s cloud-native workflows, and they require expensive replatforming to gain the best value out of cloud IaaS platforms.
Today, more than ever, they pose a major threat to any organisation. They are highly susceptible to cyber attacks, many of which exploit the very fact that they have been neglected, perhaps poorly maintained, and in many cases developed before now-known exploits were recognised.
In recent months, there have been many major attacks that took advantage of old, bootstrapped systems, delivering crippling ransomware. In particular, three attacks stand out: the first, on JBS S.A., the world’s largest meat processing company; the second, on the Health Service Executive; and most recently, the Kaseya ransomware attack, which is being called ‘the biggest ransomware attack on record’ and has affected over 1,500 businesses globally.
These all highlight the speed and severity with which ransomware attacks are progressing. It’s not unreasonable these days to expect that the next ransomware attack is not too far away.
Many organisations are unwilling to upgrade legacy systems for new, more secure models due to the fear of the unknown. They know changing core systems can be very expensive, may involve hiring external consultants, and is likely to be highly disruptive. In addition, outages are exceedingly expensive. With these risks in mind, many IT leaders are willing to keep legacy systems, despite the liability.
Legacy systems are security risks
Legacy systems age so quickly because of the rate at which technology is moving. Over time, they fall behind and become incompatible with modern technology, and they are harder to secure precisely because they are not maintained often enough.
Data ‘trapped’ within legacy systems and not connected to a cloud service is by definition harder to access. This data is easily ‘forgotten’, as it is no longer backed up or supported by the up-to-date security protocols used to protect other enterprise data against threats. In a way, its isolation makes it increasingly tempting for hackers.
When legacy systems were first built, cyber attacks weren’t as advanced as they are now. It is easy to forget, but these systems were once at the forefront of modern technology.
Now, however, the threat landscape is vastly different and constantly changing. There is a global market for exploit kits and even the ability to ‘rent’ Ransomware as a Service (RaaS). The term refers to cyber criminal groups that rent ransomware to other groups through portals or threads on hacking forums. By renting out ready-made ransomware code, cyber criminals are able to attack vulnerabilities such as legacy systems through email phishing attacks, email spam campaigns, and compromised credentials, with the goal of gaining access to corporate networks.
Battling the growing cyber landscape
Unlike legacy systems, cyber criminals adapt and evolve their tactics for accessing systems, becoming more sophisticated and using advanced exploits which easily infiltrate legacy systems. The ease with which they gain access was demonstrated by the recent ransomware attack on the Health Service Executive, which caused a temporary shutdown of its IT system.
Although it is currently unknown if legacy systems were to blame in the Irish healthcare system attack, it is highly possible. Due to a lack of budget in the healthcare industry, it’s typical for medical systems to use outdated technology, which is too slow to run new security software.
Also, with limited budgets in most healthcare organisations, medical care is always prioritised. That is why it’s rare to find the new advanced security tooling required to fight the new advanced attacks. Whilst the Irish healthcare attack investigation is still ongoing, it underlines an issue that often impacts legacy systems – the inability to patch and update software.
However, it’s easy to say that organisations should update their systems to prevent cyber-attacks. Migrating from old technology to new can trigger disruptive outages. These can cause whole systems to go offline, lose data, or stop working altogether. Therefore, many organisations will choose to keep the systems in place to avoid this, taking the chance of a possible cyber-attack over outages.
Investing in a secure future
Organisations need to balance the needs of their business with the risks associated with outdated systems.
First, organisations should not neglect their network security and the valuable information its tools can provide, especially when legacy applications are involved. Network detection and response can help organisations eliminate blind spots, whilst enabling them to respond fast to any potential threats without having to go through mountains of logged data.
Second, it is important that organisations invest in tools with automation to assist strapped cybersecurity teams. Leveraging cloud-scale machine learning to analyse network traffic can help build a picture around what constitutes a normal network, so that anomalies are easily recognised and classified as potential threats.
Finally, with the onset of hybrid work, telemedicine, and other modern ways of doing business, having a plan for digital transformation is a must. Organisations need to plot out a realistic time-frame and understand their tolerance of risk.
Businesses can no longer ignore the exposure legacy systems have to today’s advanced threats. Prioritise the right technology, partners, and plan to help bring your IT stack into the cloud era.
Ronnen Brunner is VP of EMEA for ExtraHop