Why legacy IT systems create an often-overlooked security weakness


They sit at the heart of most corporate IT infrastructures and have supported operations for decades. Yet, despite their core role, many legacy systems have become a worrying security risk.

The problem stems from the fact that legacy systems were often designed and deployed long before today’s cybersecurity threats existed. As a result, attacks such as ransomware can take advantage of their inherent lack of protection and cause major problems.

Unfortunately, many organisations appear to be unwilling to replace legacy systems with newer, more secure ones. They believe such changes will be expensive to undertake, may require external consultants, and are likely to be highly disruptive to business activity.

The pace of change

The reason many legacy systems quickly age is the rate at which technology itself is moving. Gradually, their compatibility with newer technologies declines, which makes them more difficult to secure.

Also, data held within legacy systems and not connected to a hosted or cloud service is by definition harder to access. This data is easily ‘forgotten’, as it is no longer backed up or supported by the up-to-date security protocols used to protect other enterprise data against threats. In a way, its isolation makes it increasingly tempting for hackers.

The situation is made even more difficult by the rapidly changing cyberthreat landscape. Exploits that did not exist just a couple of years ago are now in widespread use by cybercriminals.

Cybercrime has even evolved to the point where some exploits are available ‘as a service’. Rather than needing deep technical skills, a criminal can simply ‘rent’ access to existing malicious software tools and begin targeting chosen victims.

In this way, cybercriminals are able to attack known vulnerabilities in legacy systems through email phishing attacks, email spam campaigns, and compromised credentials. Their ultimate goal is to gain access to corporate networks and either extort a ransom or cause disruption.

An evolving security landscape

Unlike legacy systems, cybercriminals tend to adapt and evolve their tactics, becoming ever more sophisticated at using advanced exploits that can readily infiltrate legacy systems. The ease with which they gain access is evidenced by the fact that Australian organisations have seen a 200% increase in reported ransomware attacks in recent times, causing an estimated $1 billion cost to the national economy[1].

Of particular concern is the growing number of attacks targeting the healthcare sector. According to research by consulting firm PwC[2], almost 60% of healthcare industry respondents said they believe it is very likely that their organisation will suffer a ransomware attack during the next 12 months.

Although it is unknown whether legacy systems were to blame in many attacks, it is highly possible. Due to a lack of IT budget in the healthcare sector, it’s typical for medical systems to use outdated technology or be too slow to run new security software.

Also, faced with constrained operational budgets, most healthcare organisations tend to prioritise medical equipment over IT security. This makes the likelihood of ageing, unprotected legacy systems being in place even higher.

Securing the future

It’s clear that organisations need to balance the needs of their business with the risks associated with outdated legacy systems. This requires three key steps:

  • Invest in network security: It’s vital organisations do not neglect network security, and the valuable information its tools can provide – especially when legacy applications are involved. Network detection and response can help to eliminate blind spots, while also providing the ability to respond rapidly to any potential threats.
  • Invest in automation tools: A second step is to make investments in automation tools that can assist cybersecurity teams who are straining under the pressure. Taking advantage of cloud-scale machine learning to analyse network traffic can help build a picture of what constitutes normal network traffic. Anomalies can then be more easily recognised and classified as potential threats.
  • Plan for digital transformation: Thirdly, with the major shift to remote working and online interactions, it’s important for all organisations to have in place a plan for digital transformation. They need to establish a realistic timeframe and understand their tolerance for risk.

It is no longer possible to ignore the security threats that ageing legacy systems cause. By investing in the right tools and services today, organisations can be more confident they are able to withstand evolving cyber threats in the future.

[1] https://www.crn.com.au/news/aussie-orgs-most-likely-to-pay-ransomware-attackers-idc-568097

[2] https://www.pwc.com.au/health/health-matters/ransomware.html

Glen Maloney
Glen Maloney is ANZ Country Lead at Cequence Security, the leading provider of Unified API Protection. Based in Sydney, he has more than 20 years of new business development and account management experience in the cybersecurity industry. Most recently, Glen was ANZ Regional Sales Manager at ExtraHop where he successfully drove the company’s regional business strategy for growth and oversaw the initial launch of its partner strategy with distributors, resellers, and systems integrators across the region. Prior, he worked at Sophos for more than 15 years across several roles, including as Senior Enterprise Executive and Business Development Manager and has also worked as an Enterprise Sales Executive at Check Point Software.