Lewis Huynh, CSO NinjaOne, informs on how legacy technology could be compromising your cybersecurity.
Over the past 18 months, we’ve witnessed businesses thrive and survive based on their ability to respond quickly to constant changes, with technology being the hero at the heart of this agility. Yet despite an increase in awareness that IT infrastructure is more crucial than ever, we still see firms hold onto outdated or inefficient technology we all knowingly refer to as ‘legacy technology.’
Legacy technology can stifle innovation, drain resources and lead to cybersecurity risks. To understand the scale of legacy technology in business today, we commissioned the IT Technical Debt report that surveyed 1,000 IT decision-makers in the US, UK, Australia, Germany, and France. The findings looked at several aspects, including the challenges old technology brings to technology investment plans and strategies.
Legacy technology in the UK
Our report found that the UK is behind in many areas compared to other countries. Alarmingly one key finding was that nearly half of those surveyed experienced a cybersecurity incident because of insecure legacy technology.
Respondents also stated the biggest challenge to maintaining legacy technology was managing new and existing security vulnerabilities and staying compliant with security and data privacy regulations. UK IT investments and growth are falling behind, with only 49% reporting an increase in IT budget compared to 59% globally, and investments in IT modernization increased in the UK by 54% compared to 61% in other countries.
UK organizations also saw a declining IT budget, with the top challenge to maintaining legacy technology was a lack of funding, followed by managing new or existing security vulnerabilities and security compliance. The biggest drivers of IT tech debt inside organizations were outdated IT infrastructure and obsolete technology. Respondents indicated that their organizations’ hardware and software were about seven years old for each.
Maintaining legacy technology can be costly for UK businesses. It accounts for a significant portion of a technician’s time, driving up labor costs and preventing technicians from performing more valuable tasks. On average, UK IT technicians spent 16 hours a week on legacy tech maintenance, and with an average salary of £47,000, legacy technology maintenance could cost more than £18,800 annually.
The current lack of investment in IT to reduce operational expenditures is instead costing organizations time and money while prohibiting innovation. More significantly, with today’s digital landscape and the potential of something as severe as an “extinction-level event, “ focusing on replacing legacy technology should be a critical priority.
How does legacy technology compromise security?
Outdated technology eventually reaches an unpatched state as vendors’ “End of Life” support and development. The unpatched technology may frequently be attacked and eventually exploited by cybercriminals in this condition. Hence, the existence of old technology anywhere in an organization’s environment represents a severe threat.
So why aren’t organizations acting quicker? There are often one or more fundamental challenges to overcome:
- Limitations on resources/capabilities to stay current on security trends, findings, and vulnerabilities
- Manual, time-consuming processes for locating, obtaining, and applying updates
- Limitations on resources to manage, plan and implement new technology
- High expenditure costs for newer technology
- Evolving compliance, security, and data privacy regulations
As legacy technology becomes more entrenched with the passage of time and the gap of skills, processes, and resources widens, companies face the looming specter of “technical debt.” Like with financial debts, this buildup of security updates not applied, old equipment not replaced, technology budgets not allocated, and missing skills/expertise will eventually come due.
When it comes to security, we find it’s often the element that’s given the minimal investment, yet the one that can be the most devastating. However, we are seeing a shift in attitudes towards security, and customers, now more than ever, see it moving up the priority list.
How should organizations manage legacy technology?
All organizations face the same issues with legacy tech – it’s the old stuff that doesn’t work without a good few man hours to fix it. Even big players with unlimited budgets like Amazon face this dilemma – does the cost to fix it outweigh the cost of purchasing new equipment?
Typically IT improvements aren’t viewed directly as a profit enabler but rather as a requirement of operations. But it’s short-sighted to focus on the immediate financial impact. Investment in newer technologies will not only enhance security but also improve agility, efficiencies, and processes.
To tackle the issue, companies need to make tech debt a board issue and devise a strategy that speaks to your company’s individual needs. Examples of how old technology could be managed better include:
- Regularly audit the organization’s technology at least once a year to ensure that all software is updated and hardware runs efficiently and securely.
- Put a hard stop on the length of time you keep the hardware. Once a laptop reaches five years old, make it a policy to replace it. There are plenty of worthwhile non for profits that can often use donations.
- Proper IT documentation of IT infrastructure, updated policies, and special procedures should be updated constantly and made available to the entire team. Today’s IT documentation software makes it easy to automate many aspects of documentation, significantly reducing the maintenance burden.
- Audit software every year at a minimum to ensure it’s meeting the company’s needs. With the purvey of IT and security teams extending across the entire organization, some departments may no longer be using a piece of software but are still linked to the organization, which may contain sensitive data.
- Encourage the team to flag any issues with their devices ASAP. Many of us are guilty of ignoring the signs of ineffective tech but encouraging early intervention will help avoid potential disasters.
- Why developers are our best defence against cyberattacks
- The Hopeful CIO: A Study from Lemongrass finds that enterprise IT leaders are aggressively moving their legacy business systems to the cloud despite various challenges
- Protect your data with a multi-tiered approach
- From reactive to revolutionary: The top 5 trends powering CX transformation in 2022
Managing tech debt shouldn’t just be seen as making sure ‘the computers work.’ The risks involved in not keeping technology up to date can be devastating, and it needs to be front of mind for senior management in the modern business world. It can also benefit the business as new technologies help aid better working.