Cisco's 2016 Security Report determined that aging infrastructure is an increasing issue, leaving organizations vulnerable to malicious attacks, breaches or exposure. Of the 115,000 Cisco devices analyzed in the study, 92% were running software with known security weaknesses.
Typically, the infrastructure that goes unpatched or isn't replaced in a timely manner consists of long-forgotten devices buried deep in the network, just doing their duty without much change or fanfare. Often, however, the IT team and upper management have actively rationalized the decision to keep old devices simply to avoid the replacement costs. Today most private MPLS and Ethernet networks include bundled routers that can easily be refreshed without additional cost any time you upgrade (which for most companies is fairly often). Firewalls and other devices, no matter how small the branch location, need to be kept current to avoid this simple vulnerability.
The risk of change can create potential vulnerabilities for some organizations. The old adage "If it's not broke, don't fix it" isn't always the best policy. IT may determine that a small security patch isn't worth the risk of downtime, and later down the road the unpatched system becomes the weak point in a breach. Keep all patches and updates current, and verify that computers are running the current version of commonly used software such as Adobe Acrobat, Java, Internet Explorer and Microsoft Office.
In addition to the risk of change, another potential security vulnerability is lost knowledge. Sometimes a piece of hardware or software is left in place because the only person who understood it no longer works for the company. It's important that IT understand the aging components of the network, their roles, their configuration, and either the method for retiring them or a migration strategy.
Network connectivity can also be a vulnerable access point. Many companies use VPNs rather than private MPLS networks because of cost. If your organization is one of them, consider moving to cloud-based email, Office 365 and cloud sharing rather than using a VPN to access those services. Ideally, we recommend investing in private network technologies such as MPLS and Ethernet to separate private traffic from public Internet traffic. If you must use a VPN connection, be sure, when you deploy a firewall, to separate VPN traffic from the rest of the network.
Make sure employees understand that malicious software that infects their home network can infect the company network via the VPN. Enforce user-access policies and check that all mobile devices granted full access to the network have up-to-date anti-virus software.
To ensure proper security for your IT infrastructure, no matter its age, it may be helpful to engage a third-party expert for their advice. Agility clients are able to rely on Agility to keep their private, public and hybrid infrastructure secured and up-to-date.