A separation does not always have to hurt!


“Never change a winning team,” as the saying goes. Cyber incidents caused by outdated technologies and unpatched applications show that this mindset is not always beneficial. Surveys now show that the modernization of IT infrastructures in particular is high on the list of priorities for teams of IT experts.

If you’re a regular reader of our blog posts, you know that there are a few things that we preach over and over again and strongly recommend to our clients at every opportunity. These include:

  1. Use only unique passwords for your applications
  2. Create regular backups – ideally taking into account the 3-2-1 strategy
  3. Patch your systems as soon as an update is available

Another aspect, closely related to the last point in particular, is that companies also need to check whether their IT infrastructure is up to date and modernize it if necessary.

A survey conducted by the company NinjaOne in 2021 shows that companies still have a lot of catching up to do, especially on this point. The survey involved 1,000 IT managers worldwide, 200 of whom work in German companies. Among other things, the study revealed that IT modernization in particular is a high priority. Its importance is demonstrated by the fact that around one in five of those surveyed stated that the software and hardware they use is more than 10 years old. Far more serious is the fact that almost half (48%) said they had already recorded a cybersecurity incident in their company that was due to insecure legacy systems.

The problem of outdated systems and IT infrastructures does not arise overnight; it can be a gradual process, and there are many reasons why it happens. For one thing, companies evolve and grow. A company’s IT also grows, and not always in a healthy way. Old systems are expanded to meet new requirements, and whether the system can support the new expansions in the long run is sometimes neglected. In addition, responsible people may leave the company and take their know-how with them. Missing or incomplete documentation complicates the problem. Another reason may be that people are reluctant to adapt or expand processes for fear of breaking a functioning system by making a change, and so they may put off a necessary modernization. But in the long run, sticking to old systems can lead to failures and crashes.


The following examples show why outdated IT infrastructures can be a danger to companies:

Outdated software

A good example of outdated software is Windows 7. The operating system received its last security update on January 14, 2020, when security support was discontinued after 10 years. In December 2021, two years after the last security update, 15 percent of all computers were still using Windows 7. Corporate customers continued to receive important security patches, but only for a fee.

The risks of outdated software lie in unpatched security vulnerabilities. Ideally, when a vulnerability becomes known, the manufacturers provide software patches to close the gap and fix the problem. If this security support is no longer readily available – as in the case of the Windows 7 operating system – no emergency patch is made available and, consequently, no updates can be applied to close the gap. This is problematic, because attackers actively look for these security gaps to exploit them at will and gain access to systems.

Outdated hardware

Man is a creature of habit. This also applies to IT. It’s hard to part with favorite devices or familiar routines. Computer users in particular hold on to old hardware because they are familiar with its operation. In addition, all applications are installed and stored on the device, and often all important data is also stored there. A complete reinstallation seems too time-consuming and tedious for many.

The exchange and replacement of outdated devices can also mean a massive cut in the already often very tight budget. If there are also compatibility problems between the existing programs and applications and the new devices, replacing the hardware seems even less worthwhile.

But even when it comes to hardware, sticking with outdated equipment (see legacy systems) can have significant negative consequences for the company. Production downtime can occur because the equipment is too slow, doesn’t work effectively, shows signs of malfunctioning, or simply doesn’t allow certain software to be installed and used. Then, if you hold on to unreliable hardware for too long, it’s difficult to prevent a system failure sooner or later. In the worst case, this can lead to irreparable damage, ending with the irrevocable loss of data.

In addition, there is also a risk here that cybercriminals will use outdated hardware as a gateway for their attacks.

In short, both software and hardware should be checked regularly to ensure that they are up to date. Modernizing IT infrastructure should not be neglected in today’s world.

Important: Hardware also needs to be updated. One example is the Fritzbox. Here, too, updates must be installed regularly; otherwise, any security gaps that have arisen can be exploited by attackers. As with old software, outdated hardware may no longer be supported.

The correct way to handle software updates

There are several aspects to consider when updating or even reinstalling software.

If you are informed that an application or program on your computer needs an update, perform it immediately. If you do not have the proper authorization to perform the updates, contact your IT representative. He or she can perform the update for you or delegate the rights for this task to you.

It is also important to make sure that your device supports the new version of the software. You should check this with the software provider. If the software cannot be run on your device, you should think about changing the hardware, i.e. your computer, or the software. It is not advisable to continue using an outdated software version.

If the software is tied to other programs, you should also check whether it is still compatible with them.

Similar considerations must be made when changing or reinstalling software. Here, too, it must be ensured that all devices are compatible with each other, support each other and can be used on the hardware used.

Furthermore, ensure that software is obtained only from trustworthy sources. Purchase software only from the appropriate provider. In the event that you use free software, make sure that you obtain and download it from trusted sites.

But even if you apply updates as soon as they become necessary and regularly replace outdated software and hardware that no longer works reliably, there are a few things to keep in mind.

The correct disposal of hardware

One thing first: Electronic devices do not belong in normal household waste, but must be disposed of separately. The law sets out precise requirements here. There are various options for proper disposal:

  • Return it to the dealer. The dealer will then take care of proper disposal.
  • Take the electronic devices to the recycling center. Here, too, the experts will take care of proper disposal or further processing.
  • For small devices, e.g. smartphones or laptops, there is also the option of handing them in at electronics stores. In July 2022, 25,000 additional stores and outlets were required to also accept electronic devices and provide professional disposal, including discounters such as Lidl or Aldi.
  • Use third-party recycling services. Online retailers such as Amazon offer their customers the opportunity to recycle electronic devices via their platform. Here, the drop-off can be registered and the retailer and its partner network take care of the disposal.

Regardless of the disposal method chosen, it is important to prevent unauthorized third parties from gaining access to information and data that may be stored on the devices. In the case of computers and laptops, this means that the data must be deleted from the hard drive before disposal. For this purpose, there are special programs that completely erase the data by overwriting it with meaningless data. Before permanently erasing the hard disk, however, make sure that you have saved all the necessary data on another device, a storage medium or in the cloud.
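As an added illustration of the overwrite-then-check approach described above (not code from the original article or from any specific erasure product), the following Python script overwrites a file standing in for a disk image and confirms that a known record can no longer be found. The file contents, the marker string and all function names are constructed for this example.

```python
import os
import secrets
import tempfile

CHUNK = 1024 * 1024  # work in 1 MiB chunks so memory use stays flat


def overwrite_file(path, passes=2):
    """Overwrite every byte in place: random passes first, zeros on the last."""
    with open(path, "r+b") as f:
        for n in range(passes):
            f.seek(0)
            remaining = os.path.getsize(path)
            while remaining:
                step = min(CHUNK, remaining)
                f.write(b"\x00" * step if n == passes - 1 else secrets.token_bytes(step))
                remaining -= step
            f.flush()
            os.fsync(f.fileno())  # push each pass to the device, not just the cache


def count_marker(path, marker):
    """Count occurrences of marker, including ones that straddle chunk edges."""
    count, tail = 0, b""
    with open(path, "rb") as f:
        while chunk := f.read(CHUNK):
            buf = tail + chunk
            count += buf.count(marker)
            tail = buf[-(len(marker) - 1):] if len(marker) > 1 else b""
    return count


def is_zeroed(path):
    """Read-back check: True only if every byte is now zero."""
    with open(path, "rb") as f:
        return all(c.count(0) == len(c) for c in iter(lambda: f.read(CHUNK), b""))


def demo():
    # Constructed stand-in for a disk image; the fake record straddles a chunk edge.
    marker = b"CONSTRUCTED-RECORD: Jane Doe, IBAN DE00 0000"
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(secrets.token_bytes(CHUNK - 10) + marker + b"\xff" * CHUNK)
    try:
        before = count_marker(tmp.name, marker)
        overwrite_file(tmp.name)
        return before, count_marker(tmp.name, marker), is_zeroed(tmp.name)
    finally:
        os.remove(tmp.name)
```

On SSDs and other flash media, wear levelling means an in-place overwrite may not reach every physical cell, so the drive's built-in secure-erase function or physical destruction is the appropriate route there.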

If the hard disk of the device to be disposed of is so damaged that deleting the data is not readily possible, you should destroy the hard disk by other means. Contact your IT representative about this. He or she can determine and execute the correct methods.


There are therefore a number of things to consider when recycling obsolete equipment that can no longer be used. Companies should be aware that security in particular plays a major role in disposal. With ever-advancing digitalization and the proliferation of interconnected and smart devices, this becomes even more relevant. For example, the improper disposal of a smart light bulb can already give cybercriminals information that they can use for a possible attack. This is what happened in 2020, when researchers from Check Point Software Technologies were able to prove that they could connect to a smart light bulb and use this path to introduce malware into a corporate network.