The dangers of unsupported applications
Are ageing technologies and infrastructure threatening the security and productivity of your business?
A recent investigation by the National Audit Office (NAO – the UK’s independent public spending watchdog) revealed that the Department for Environment, Food and Rural Affairs is relying on outdated technologies, which create inefficiencies and slow down the modernization and digitization of the department and its processes.
The investigation also found that almost a third of applications used by the government department are unsupported. This serves as a timely warning for technology leaders, who must learn the lessons of this investigation and scrutinize practices at their own organizations. Failure to do so could result in major security breaches, loss of productivity or fines.
The dangers of unsupported applications
You can’t overstate the importance of keeping infrastructures up to date, deploying patches company-wide and keeping abreast of any new or potential systems vulnerabilities. You’ve probably heard a lot of talk about these best practices, but often they aren’t followed through. And of course, it’s impossible to completely protect your business if you are running outdated systems or using unsupported applications.
For many businesses, the idea of a sweeping digitization and modernization plan to update those older systems can be daunting. It is particularly easy to find excuses not to modernize in this difficult economic climate. Some organizations have even been tempted to cut their investments in developing digital technologies. But this is a potentially very costly mistake – particularly if it means relying on unsupported or legacy applications or software. These will always be inherently unreliable and vulnerable.
Unsupported applications and systems present an inescapable risk: critical security patches or updates can’t – or won’t – be provided and/or implemented. Without regular security updates, apps are increasingly susceptible to vulnerabilities and new attack vectors. And if an OS is no longer supported, its vendors are less likely to keep on top of fixing vulnerabilities present in the system. Attackers know this, and they will aim to exploit the situation.
If your business is hit by a cyberattack because you are running unsupported systems, those earlier modernization apprehensions will pale into insignificance. And if a vulnerability in an unpatched application allows a bad actor access to your customers’ critical data, for example, the risk to your business could be existential, with your company facing widespread downtime and financial losses.
An additional consideration for businesses in regulated industries – legal, finance, ecommerce – is compliance. It’s one thing to suffer financial or operational damage for falling victim to a cyberattack because of a vulnerability in an outdated system. But regulatory penalties can be the beginning of the end for businesses.
If your business is looking to protect against the risks inherent in using outdated or unsupported systems and apps, conducting a comprehensive application security assessment is a good place to start. With an application assessment, your partner will test all the apps used across your network for current vulnerabilities and possible threats, and provide a remediation plan to fix the gaps.
A complete application security assessment should give your business visibility into how applications are used across your workforce and any threats these apps pose. The assessment should also detect whether your business is using infected apps and if malware is present in supported and reputable apps.
If you find unsupported apps being used, your business should devise a plan to retire or replace these applications and implement it immediately. Plugging the holes in your security posture brought about by applications that cannot be updated – with alternative controls, for example – might be fine in the short term, but many regulatory frameworks outline that these controls must only be used temporarily and require businesses to have a long-term remediation plan in place.
Put your defenses to the test
Now that you know exactly what apps are being used across your organization and how, you’ll need to ensure that this visibility and control over the environment can be sustained.
It’s not enough to assess your business’s security posture in one given moment, fix the issues, and move on. Threats are always evolving, and attack methods are becoming increasingly sophisticated, which means businesses need to continuously assess their security posture to keep one step ahead of attackers.
This means continually checking that your security defenses are working, testing for vulnerabilities, and keeping on top of your asset management. Businesses can consider investing in tools and technologies that provide constant security monitoring and validation by simulating attacks and the methods employed by bad actors.
Keeping a robust asset management system in place can also help protect against the risks inherent in unsupported apps or systems. By keeping an up-to-date register of the devices running unpatched or older versions of software and applications, you’ll know exactly where the risks are, and where you need to focus your efforts to bring all apps and systems up to date and in line with best cybersecurity practices. Always knowing where these potential pain points are when it comes to cybersecurity reduces the chance that you’ll get caught out.
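As an added illustration (not part of the original article), here is one way such a register could combine the two ideas above: flagging software past its end of support, and checking that any temporary alternative control is still in force and outlasts the planned replacement. The product names, hosts, dates and status labels are all constructed for the example.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional
# Constructed end-of-support dates for hypothetical products (not vendor data).
END_OF_SUPPORT = {
    ("ExampleOS", "8"): date(2023, 1, 10),
    ("LedgerApp", "4.2"): date(2022, 6, 30),
    ("PortalSuite", "9.0"): date(2027, 3, 31),
}
# Worst first. "unknown" outranks "mitigated": nobody has assessed it yet.
SEVERITY = ["no-plan", "exposed", "control-gap", "unknown", "mitigated"]

@dataclass
class Asset:
    host: str
    product: str
    version: str
    control_expires: Optional[date] = None  # temporary compensating control
    replace_by: Optional[date] = None       # planned retire/replace date

def classify(asset, today):  # returns "supported" or a SEVERITY label
    eos = END_OF_SUPPORT.get((asset.product, asset.version))
    if eos is None:
        return "unknown"      # no support data is a finding, not a pass
    if eos >= today:
        return "supported"
    if asset.replace_by is None:
        return "no-plan"      # unsupported with no long-term remediation
    if asset.control_expires is None or asset.control_expires < today:
        return "exposed"      # no control in force right now
    if asset.control_expires < asset.replace_by:
        return "control-gap"  # control lapses before the replacement lands
    return "mitigated"

def risk_register(assets, today):  # everything not confirmed supported
    rows = [(classify(a, today), a.host, a.product, a.version) for a in assets]
    return sorted((r for r in rows if r[0] != "supported"),
                  key=lambda r: (SEVERITY.index(r[0]), r[1]))

TODAY = date(2025, 3, 1)  # constructed reference date; inventory is constructed
INVENTORY = [
    Asset("fin-01", "LedgerApp", "4.2"),
    Asset("hr-02", "ExampleOS", "8", date(2025, 12, 31), date(2025, 9, 30)),
    Asset("web-03", "PortalSuite", "9.0"),
    Asset("lab-04", "ExampleOS", "8", date(2024, 1, 31), date(2025, 6, 30)),
    Asset("ops-05", "ScanTool", "1.0"),
    Asset("kiosk-06", "ExampleOS", "8", date(2025, 6, 30), date(2025, 12, 31)),
]
print(*risk_register(INVENTORY, TODAY), sep="\n")
```

Software missing from the support data is reported as "unknown" rather than passed, so gaps in the register itself show up as work to do.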
The dangers of using unsupported apps are too large to ignore, and the reality is that those businesses still relying on outdated or unsupported products should have a plan in place to retire or replace them. Thankfully, it’s possible for businesses to strengthen their security defenses without implementing a complete modernization or digitization plan overnight. Businesses can reduce the overall risk of their systems by having complete visibility over the apps and systems used across their workforces and by continually putting their security defenses to the test. Where they find vulnerabilities, these should be fixed, or access limited.
Why would you want to trust your business’s critical information to an unsupported OS or an application that could be exploited when the steps to limit the risks can be implemented efficiently and seamlessly? The potential downtimes, fines, and reputational damage simply aren’t worth it.