Hidden risk of cybercrime for older software
Many of today’s businesses rely on old software, written in code from a time before today’s cyber crimes existed.
By Melissa Conlon, commercial director, Magma Digital.
Your applications could be written in programming languages that are no longer used or taught, making them ideal targets for malicious attacks. As your system ages, the amount of dead or potentially vulnerable code it contains continues to grow. The presence of unmaintained or abandoned code can create new weaknesses.
Antivirus programs don’t offer enough protection: few cater to ageing systems, and the majority on the market do not scan inactive code, the point where legacy systems are most vulnerable. Legacy-specific antivirus applications cannot protect against attacks that target dead code. Malware can rely on inactive code to hide and therefore go undetected, so an organisation is likely to be unaware it has been compromised.
With so much at stake, organisations need to take action to mitigate risk. We recommend:
- Carry out a full code review and audit to assess the risks
- Identify and eliminate inactive code
- Document changes – critical to protecting the integrity of the system
- Re-evaluate the processes associated with changes to business rules
- Apply the principle of least privilege and enforce strong passwords; legacy systems tend to allow far weaker passwords than today's standards require
- View security as a continuous process as opposed to a one-off fix
- Maintain security patches to keep the system up to date with the latest vulnerability fixes