How legacy technology is compromising your cybersecurity

24th January 2022
Legacy tech

Lewis Huynh, CSO NinjaOne, informs on how legacy technology could be compromising your cybersecurity.

Over the past 18 months, we’ve witnessed businesses thrive and survive based on their ability to respond quickly to constant changes, with technology being the hero at the heart of this agility. Yet despite an increase in awareness that IT infrastructure is more crucial than ever, we still see firms hold onto outdated or inefficient technology we all knowingly refer to as ‘legacy technology.’ 

Legacy technology can stifle innovation, drain resources and lead to cybersecurity risks. To understand the scale of legacy technology in business today, we commissioned the IT Technical Debt report that surveyed 1,000 IT decision-makers in the US, UK, Australia, Germany, and France. The findings looked at several aspects, including the challenges old technology brings to technology investment plans and strategies.

Legacy technology in the UK

Our report found that the UK is behind in many areas compared to other countries. Alarmingly one key finding was that nearly half of those surveyed experienced a cybersecurity incident because of insecure legacy technology.

Respondents also stated the biggest challenge to maintaining legacy technology was managing new and existing security vulnerabilities and staying compliant with security and data privacy regulations. UK IT investments and growth are falling behind, with only 49% reporting an increase in IT budget compared to 59% globally, and investments in IT modernization increased in the UK by 54% compared to 61% in other countries.

The future of technology within health and social care
Trending
The future of technology within health and social care

UK organizations also saw a declining IT budget, with the top challenge to maintaining legacy technology was a lack of funding, followed by managing new or existing security vulnerabilities and security compliance. The biggest drivers of IT tech debt inside organizations were outdated IT infrastructure and obsolete technology. Respondents indicated that their organizations’ hardware and software were about seven years old for each.

Maintaining legacy technology can be costly for UK businesses. It accounts for a significant portion of a technician’s time, driving up labor costs and preventing technicians from performing more valuable tasks. On average, UK IT technicians spent 16 hours a week on legacy tech maintenance, and with an average salary of  £47,000, legacy technology maintenance could cost more than £18,800 annually.

The current lack of investment in IT to reduce operational expenditures is instead costing organizations time and money while prohibiting innovation. More significantly, with today’s digital landscape and the potential of something as severe as an “extinction-level event, “ focusing on replacing legacy technology should be a critical priority.

How does legacy technology compromise security?

Outdated technology eventually reaches an unpatched state as vendors’ “End of Life” support and development. The unpatched technology may frequently be attacked and eventually exploited by cybercriminals in this condition. Hence, the existence of old technology anywhere in an organization’s environment represents a severe threat.

So why aren’t organizations acting quicker? There are often one or more fundamental challenges to overcome:

  • Limitations on resources/capabilities to stay current on security trends, findings, and vulnerabilities
  • Manual, time-consuming processes for locating, obtaining, and applying updates
  • Limitations on resources to manage, plan and implement new technology
  • High expenditure costs for newer technology
  • Evolving compliance, security, and data privacy regulations

As legacy technology becomes more entrenched with the passage of time and the gap of skills, processes, and resources widens, companies face the looming specter of “technical debt.”   Like with financial debts, this buildup of security updates not applied, old equipment not replaced, technology budgets not allocated, and missing skills/expertise will eventually come due.

When it comes to security, we find it’s often the element that’s given the minimal investment, yet the one that can be the most devastating. However, we are seeing a shift in attitudes towards security, and customers, now more than ever, see it moving up the priority list.

How should organizations manage legacy technology?

All organizations face the same issues with legacy tech – it’s the old stuff that doesn’t work without a good few man hours to fix it. Even big players with unlimited budgets like Amazon face this dilemma – does the cost to fix it outweigh the cost of purchasing new equipment?

Typically IT improvements aren’t viewed directly as a profit enabler but rather as a requirement of operations. But it’s short-sighted to focus on the immediate financial impact. Investment in newer technologies will not only enhance security but also improve agility, efficiencies, and processes.

To tackle the issue, companies need to make tech debt a board issue and devise a strategy that speaks to your company’s individual needs. Examples of how old technology could be managed better include: 

  • Regularly audit the organization’s technology at least once a year to ensure that all software is updated and hardware runs efficiently and securely.
  • Put a hard stop on the length of time you keep the hardware. Once a laptop reaches five years old, make it a policy to replace it. There are plenty of worthwhile non for profits that can often use donations.
  • Proper IT documentation of IT infrastructure, updated policies, and special procedures should be updated constantly and made available to the entire team. Today’s IT documentation software makes it easy to automate many aspects of documentation, significantly reducing the maintenance burden.
  • Audit software every year at a minimum to ensure it’s meeting the company’s needs. With the purvey of IT and security teams extending across the entire organization, some departments may no longer be using a piece of software but are still linked to the organization, which may contain sensitive data.
  • Encourage the team to flag any issues with their devices ASAP. Many of us are guilty of ignoring the signs of ineffective tech but encouraging early intervention will help avoid potential disasters.

Read More:

Managing tech debt shouldn’t just be seen as making sure ‘the computers work.’ The risks involved in not keeping technology up to date can be devastating, and it needs to be front of mind for senior management in the modern business world. It can also benefit the business as new technologies help aid better working.

Click here to discover more of our podcasts

For more news from Top Business Tech, don’t forget to subscribe to our daily bulletin!

Follow us on LinkedIn and Twitter

We think you'll like:

Lewis Huynh

Lewis Huynh is CSO of NinjaOne

What is a User Journey

Erin Lanahan • 19th April 2024

User journey mapping is the compass guiding businesses to customer-centric success. By meticulously tracing the steps users take when interacting with products or services, businesses gain profound insights into user needs and behaviors. Understanding users’ emotions and preferences at each touchpoint enables the creation of tailored experiences that resonate deeply. Through strategic segmentation, persona-driven design,...

From Shadow IT to Shadow AI

Mark Molyneux • 16th April 2024

Mark Molyneux, EMEA CTO from Cohesity, explains the challenges this development brings with it and why, despite all the enthusiasm, companies should not repeat old mistakes from the early cloud era.

Fixing the Public Sector IT Debacle

Mark Grindey • 11th April 2024

Public sector IT services are no longer fit for purpose. Constant security breaches. Unacceptable downtime. Endemic over-spending. Delays in vital service innovation that would reduce costs and improve citizen experience.

Best of tech to meet at VivaTech in May

Viva Technology • 10th April 2024

A veritable crossroads for business and innovation, VivaTech once again promises to show why it has become an unmissable stop on the international business calendar. With its expanding global reach and emphasis on crucial themes like AI, sustainable tech, and mobility, VivaTech stands as the premier destination for decoding emerging trends and assessing their economic...

Enabling “Farm to Fork” efficiency between supermarkets & producers

Neil Baker • 03rd April 2024

Today, consumers across the UK are facing a cost of living crisis. As a result, many retailers and supermarkets are striving to keep their costs down, so that they can avoid passing these onto shoppers. Within this, one area that is increasingly under scrutiny for many organisations surrounds how to improve supply chain efficiency. This...

Addressing Regulatory Compliance in Government-Owned, Single-Use Devices

Nadav Avni • 26th March 2024

Corporate-owned single-use (COSU) devices, also known as dedicated devices, make work easier for businesses and many government agencies. They’re powerful smart devices that fulfil a single purpose. Think smart tablets used for inventory tracking, information kiosks, ATMs, or digital displays. But, in a government setting, these devices fall under strict regulatory compliance standards.

Advantages of Cloud-based CAD Solutions for Modern Designers

Marius Marcus • 22nd March 2024

Say goodbye to the days of clunky desktop software chaining us to specific desks. Instead, we’re stepping into a new era fueled by cloud CAD solutions. These game-changing tools not only offer designers unmatched flexibility but also foster collaboration and efficiency like never before!