Cybersecurity: ‘End of Support’ for Software and Systems

Cybersecurity: ‘End of Support’ for Software and Systems

Author:
David Salisbury
Product Portfolio Manager - Security

The integration of software into business brings with it many benefits, like more efficient workflows, improved communication, and amazing organisational capabilities. However, it also brings a lot of challenges; primarily, keeping all of your devices updated and secure. In this post, we'll cover the dangers of keeping your devices past the End of Support or Service (EOS) phase of their lifespan.

What is "End of Support"?

The "End of Support" (also known as EOL End of Life) is when an application or operating system is no longer going to be receiving attention from its manufacturer. This means no more patches or updates, likely a loss of manufacture support if the device relies on external servers (such as a gaming console), and possibly a loss of repair support, too.

Essentially, software will always need to be updated to survive. But a company cannot realistically update the same piece of software forever. They've either moved on to a new platform (Windows 7 > Windows 10), no longer produce the product that came with that software, or have simply ceased trading.

EOS can also be the result of outdated hardware; you see this most often with smartphones or old laptops. After it's aged a few years, the hardware in a specific model typically becomes too old and underpowered to handle the latest software updates. When this happens, the manufacturer may stop supporting that particular model, preventing it from getting new software updates.

Log Management

What are the security concerns of EOS?

EOS can pose serious security concerns — it is not just an unfortunate and inevitable inconvenience.

More often than not, the threat comes from hackers uncovering a new vulnerability in the code. When this happens in supported software, the manufacturer is usually quick to patch the issue with an over-the-air update (this is why your computer/smartphone updates somewhat frequently).

But it’s a lot trickier if this happens in outdated software systems.
Not only can hackers discover exploits in legacy versions of software, but as technology progresses, they may develop new hacking methods that didn't exist when the software was last updated. The result is a piece of software that has zero defences to prevent the hacker's intentions.

The WannaCry attack of 2017

Famously in 2017, the U.K. National Health Service was hit by its biggest cyberattack to date from the WannaCry ransomware. This malware encrypted critical files on NHS machines, asking for a ransom of £230 to decrypt each machine. The results affected 19,000 appointments in total and resulted in 6,900 being cancelled.

After an investigation into the incident, it was found that the malware used to execute the attack was relatively simple and extremely preventable. However, the NHS, despite being warned to update their systems, was using EOS software with serious security vulnerabilities.

Since all of these computers were interconnected, it only took one becoming infected for the entire NHS to fall victim. It's an unfortunately clear example of just how serious EOS risks can be.

Compliance, fear of falling behind and costly repairs

EOS software creates other issues as well that can lead to security vulnerabilities. Below are a few of the ways that using outdated software and/or hardware can affect your business.

Compliance issues

IT compliance guidelines are numerous and ever-evolving. Of course, this makes them hard to keep up with. But the rate of change is really intended to help businesses protect themselves and their consumers from the latest security threats.

Oftentimes, these regulations are quickly met in the form of a software update. Keeping EOS software, however, often means falling out of compliance, exposing you to compliance violations and risk of attack.

Limited access to new technology

It might be tempting to let one or two updates slip by without action. But, before you know it, all the latest apps and services are so far away from what you’re operating with right now, that they are indeed beyond your reach.
Not only does this mean you won't be able to participate in new industry work methods and standards, but it also means that new firewalls, security services, and preventative measures will be incompatible with your systems.

Complicated repair processes

Just like with any old machinery, repairing outdated hardware and software is going to become increasingly expensive. This means that in the event your EOS devices are subject to hacking, or even careless human error, recovering your data and systems will be much more difficult and costly.

Security Consultancy

How can businesses avoid the risks of EOS?

Staying up-to-date is the number one way to avoid the risks of EOS. Set all of your devices to automatically update when new software updates are available, and make sure that your IT team notifies you when software or hardware falls out of manufacturer support.

Updating your devices and software can be time-consuming, and purchasing new devices, setting up new networking systems, and training staff on the new devices can be a serious logistical challenge. However, the effort required to keep your systems up to date is nowhere near the damage and cost of a security breach.

Additionally, make sure that your apps (especially those related to security) are always running on the latest app version. These updates are often free and will reduce the chances of you being exposed to a cybersecurity threat.

If your organisation becomes compromised because of an unpatched or EOS system it may be considered that you did not apply due care in maintaining your cybersecurity and any cyber insurance will not apply out and you could be liable for the full fines from the Data Protection Commissioner and legal action from those affected.

For assistance with your business’s stance on Cybersecurity contact our Business Solutions Team on +44 1534 882345 or email business.solutions@jtglobal.com

Find out about our range of cybersecurity products here: 

Other content you might be interested in: