Published on November 11th, 2017 | by Guest0
Cybersecurity Risk Management: Upgrade or Stick With Legacy Software?
Which should you pick: the devil you know, or the devil you don’t?
Buying into new innovations in data management software is already a costly and time-intensive process. In addition, it’s extremely difficult to predict what sorts of cybersecurity risks will come with that innovation.
Vulnerability of New Technology Often Isn’t Apparent Until it’s Hacked
Trends in cybercrime, reported on by Maryville University, indicate that criminals are quick to get ahead of trends and developments in cybersecurity. Maryville notes that hackers often take advantages of vulnerabilities in new technologies such as the internet of things, but that sticking with legacy systems poses just as much security risk.
ECPI University cites that 69 percent of cyber security decision makers in the business world say that transforming technologies are forcing different approaches to cybersecurity strategy.
In a volatile landscape, with so many new areas of security to consider, and so many unknowns as new technology flourishes, adopting new software can be a daunting proposition. Attacks, like the WannaCry ransomware incident that affected over 100 countries and government organizations like England’s National Health Service, can cause a lot of worry. Is the best technology really worth it, with such high profile and expensive breaches? In addition to the expense of implementing new software, the risk of attack can tilt the decision-making process away from adopting newer software, especially when it comes to data management.
Sticking With Legacy Software Could Be Just as Dangerous
The unfortunate dilemma is that waiting too long to embrace new technology on any front, from phones to internet browsers, can be just as dangerous as adopting new software that may not have been put fully through its paces.
The problem is that the “risks inherent in legacy software actually compound over time,” writes Aaron Weiss over at eSecurity Planet. He mentions a number of vulnerabilities tied to legacy software. Inevitably, legacy software stops receiving updates as the vendor moves on to other projects. Legacy software was released during a time in which we understood less about cybersecurity, and so it is inherently less secure. He also notes that the older software gets, the more widely published its weaknesses tend to become.
So by sticking with older software, a business might reduce some risk by avoiding unforeseen vulnerabilities in a new product, but they open themselves up to costly attacks in so many other ways.
How Can Small Businesses Keep Up?
This problem becomes even more difficult for small businesses, many of which can’t afford to adopt newer software even if they wanted to.
The good news is that even free security tools can reduce the risk of cyberattacks. Many standalone security services are quick to update when new vulnerabilities are discovered, so plugging leaks might not require adopting a whole new set of software services or upgrades to your own systems. Even more minor expenses like updating an SSL certificate and qualifying for Certificate IV in Security Risk Analysis can help.
Unfortunately, employees who don’t know about data security can be one of the biggest security risks. You can also head off a large amount of security risk by making sure employees are savvy to threats like phishing scams and other attacks that rely on user error.
Just remember that sticking with what you know might not always be the best solution.