Posted by Geraldine Hunt on Tue, Apr 17th, 2018
It's easy to remember checking security for newly deployed systems, but many enterprise businesses have old, legacy systems that still run with a few users that rely on them. When these systems don't get as much attention, they are easily forgotten by system and security administrators and updates stop. When these updates stop, legacy systems no longer receive critical patches for the latest threats making them extremely vulnerable when they are publicly available.
Studies on Legacy Systems and CyberSecurity
A recent study collected data on the US federal government and its approach to legacy systems. The US government has several legacy systems that it must protect, and it spends 80% of its $90 billion annual IT budget to ensure their protection.
The study also showed that cybersecurity risk greatly increases as companies continue to keep legacy systems operational and publicly available. These systems might be more expensive to maintain, but they are often a critical part of daily business productivity. The downside is that they also offer an easier target for cybercriminals. It's imperative that these systems are closely monitored, reviewed regularly, and updated and patched for any of the latest threats.
An example of software that should never be installed or available on the public web is any machine with Windows XP installed. Microsoft ended XP support in 2014 and advised users to upgrade to the latest version of Windows. Many users refused to upgrade, and now there are ransomware applications specifically designed for legacy XP computers. For any enterprise allowing XP computers on their network, they increase their risk of a cybersecurity incident. WannaCry and Petya took advantage of legacy operating systems using SMB v1.
Legacy Systems Need a Higher Level of Monitoring and Protection
Once an attacker identifies a legacy system, it becomes a target of multiple vulnerability scans. IT administrators should identify each legacy system on the network, isolate it, and then use protocols to harden it.
Isolating these systems from public areas of the network is easier than hardening them. Isolation can be done within the internal network to remove it from public access. Services known to be vulnerabilities should be disabled immediately, and this step alone improves cybersecurity. Administrators should use the least privilege model and give restrictive access to any user that does not need administrator or root access. In the case of Windows XP, administrators should completely disable SMB.
Vulnerability scans should be executed against the system after hardening to improve identification of any possible threats. Monitoring is another critical part of legacy system cybersecurity. Monitor for any suspicious access, traffic, or data transmission. Monitoring can stop a current attack much more quickly than allowing any backdoors to exist for months due to an attacker's ability to go undetected.
NHS WannaCry attack - a case in point
The significant risks that legacy systems can pose to a business have recently been highlighted. The WannaCry attack that hit the NHS in May 2017 was a valuable lesson to the business world and its one which shouldn’t be ignored. This attack resulted in the disruption of 48 hospitals who were forced to turn away patients and cancel operations. In addition, 16 organizations connected with the NHS were affected. If you have any of these systems on your network, isolation, hardening, and monitoring are key in cybersecurity protection. These measures reduce the risk of data theft and protect even from insider threats.
It is not possible to eliminate all cyber threats but organizations can prevent harm through robust cyber-security. Such practice includes maintaining up-to-date email, web and anti-virus protection, and applying patches in a timely manner.
A single phishing email sent to an employee can result in a data breach, email or network compromise. It is therefore important for employers to take precautions. Employees should be provided with phishing awareness training and taught the tell-tale signs that emails are not genuine. It is also essential that an advanced spam filtering solution is employed to prevent the vast majority of phishing emails from reaching end users inboxes. On that front, TitanHQ is here to help.
Contact the team today to find out how SpamTitan can protect your business from phishing, malware and ransomware attacks.