The biggest way we are attacked when it comes to our cyber vulnerability is through the fortifications we leave up that are antiquated and old. Some experts believe that between 30 and 50 percent of the hardware as well as the software assets that are in the average large scale business have reached their end of life date. Thus end of life products really do pose a legitimate and pressing security threat today here in the United States and eventually as a result around the entire world. The political sphere weighs heavily on this topic.
“the vast majority of vulnerabilities are more than 99 percent exploit out of date software with known vulnerabilities. There may be a new version of product buy because you don’t have a clear view of what in your environment you can miss the old version in your upgrade process. Thus these products may remain on a network and are not removed because of one is using them and no one has turned off their lights a hacker will exploit that kind of left over artifact.”
Thus we are kind of dammed if we do and dammed if we don’t a lot of the times when it comes to tech and our place in the network as a safe and productive member. “IT spends 80 percent of its resources just to keep the lights on and 20 percent on new developments if they’re lucky.” They have plenty of data, buy the data is so vast and there’s such a high degree of variance in it that they can’t distill it down to information that is actionable.”
So basically what it all boils down to and what we are really considering when we ask this question is the fact that, “as a result there’s no fundamental driver to change something that is designed well and works well and is for a fixed purpose. Then the problem is you have technologies that weren’t built for security that have vulnerable attack surfaces that allow hackers to take down things like power grids and water distribution systems very easily.”
“even in the case where you have to keep a legacy system keeping it and saying ‘i’m good’ is not acceptable because from the perspective, those systems are vulnerable, you may have to live with them because you don’t have the dollars to replace them, but you still have to secure those systems.”
But when all is said and done, ” attackers know security organizations are using multiple layers of defense on the perimeters and the endpoints so they’re not using malware that can be detected by those solutions.”
So when all is said and done and the cookie has inevitably crumbled there are many security implications and realities that we need to face and begin to plan for if we are to remain safe in light of all these new developments. For one consider the state of our security when we consider infrastructure and the software it runs on. Across the board our nuclear power plans as well as our dam infrastructure are both extremely vulnerable.