There’s a direct link between the amount of legacy applications and IT infrastructure an organization has installed and its overall security posture. The longer applications and IT infrastructure have been deployed, the more likely it is that cybercriminals are exploiting some vulnerability. It’s even probable that the vulnerability is a known exploit. The patch for that vulnerability, however, has been overlooked by an IT organization that is either overworked or simply uninformed.
A forthcoming executive order on cybersecurity that is expected to be signed any day now makes this connection. The executive order is expected to closely link cybersecurity to IT modernization projects across the Federal government. Like a lot of businesses, it turns out, government agencies still rely on a lot of legacy applications and IT infrastructure that are difficult and ultimately costly to secure. When the total cost of adding layers of security is calculated, it turns out that upgrading those systems to achieve many of those security goals winds up being less expensive over time. In addition, those new applications and systems provide the added benefit of increasing productivity.
Of course, upgrading systems doesn’t replace the need for IT security technologies such as firewalls and antivirus software. But it does go a long way towards fortifying and, in many instances, reducing the size of the attack surface that needs to be defended.
That’s critical because the latest cybersecurity report from Verizon makes it clear that the cybersecurity war is not going well. In fact, the report highlights that small businesses now account for 61 percent of all data breaches. The reason for that is twofold. One is that small businesses don’t typically have the budget dollars available to properly secure their environments. The second is that, in an attempt to make those budget dollars go farther, many small businesses postpone IT upgrades. Just like many government agencies, they wind up relying on antiquated applications and systems that put their business at risk.
This situation exists because, when it comes to IT, most small business owners are relying on an outdated calculus for determining their return on investment (ROI). Most of them are trying to write down the value of IT equipment over several years. This practice, however, only encourages organizations to hold on to older IT equipment that has already been shown to be compromised. There is, of course, no such thing as perfect IT security. But any hope an organization has of maintaining IT security is extinguished when the applications and systems that need to be protected are porous to the point of being indefensible.
The good news is that the Federal government will eventually extend the scope and reach of the cybersecurity executive order out to any organization that does business with the Federal government. That should drive a wave of cybersecurity-inspired application and infrastructure upgrades that are long overdue. But even once that occurs, there will still be far too many businesses that fail to realize how important staying current on their IT investments is to cybersecurity. Unless that connection gets made, it’s only a matter of time before a breach compromises their business. In fact, it’s more than probable that a breach has already occurred.
Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet, and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot. Mike also blogs about emerging cloud technology for Intronis MSP Solutions by Barracuda.