What do a leading retailer, major health insurer and government agency have in common? Target, Anthem, and the Office of Personnel Management (OPM) were all famously breached in recent years by hackers preying on weak points in their legacy systems.
It’s no longer a question of if your organization will be breached; it’s a matter of when and how.
Security is a serious concern in the IT industry, but modernization is often not seen as a solution. One reason is the mixed perception of modernization’s benefits and inherent risks, as highlighted in a recent survey: while 48% of federal IT leaders engaged in modernization efforts perceived increased security issues, only 25% noted decreased security challenges.
Modernization should be a top priority in everyone’s security strategy. Read on for the top three surprising reasons why the benefits heavily outweigh the risks.
Previously, people had accepted the common notion of “security-by-antiquity” or “security-through-obscurity” – the idea that legacy systems’ outdated technology makes them more secure. This view prevailed despite the growing number of attacks on older IT systems.
However, as Computerworld recently reported, “new research is turning on its head the idea that legacy systems — such as Cobol and Fortran — are more secure because hackers are unfamiliar with the technology.” The “security-by-antiquity” theory might have worked once, but the continued attacks on legacy systems reveal the underlying risks that a lack of encryption and documentation poses.
Change is easier said than done. Even today, major businesses, financial industry giants and large parts of the federal government continue to rely on COBOL. According to InformationWeek, 70% of business transactions are still processed in the nearly 60-year-old programming language.
2. Customers Want Greater Access
The shifting mobile and digital landscape has significantly changed customer interaction and expectations. Today’s customer demands greater access through multiple channels to products and services while still expecting their financial and personal data to be protected.
According to The 2016 U.S. Mobile App Report, smartphone apps now account for 50% of time spent online in the US – no surprise as device ownership is skyrocketing. This high level of access requires organizations to think differently about security.
Data protection, access control and physical security are now as important as the organization’s offering and services. However, the risk is much greater for those contending with the limitations of older IT systems engineered for yesterday’s needs. Modernizing older platforms or migrating systems to newer architectures will not only eliminate vulnerabilities but can also improve response time, which is critical at today’s fast pace.
3. Passive Security is a Thing of the Past
Data breaches are happening at record rates – 2016 saw a 40% increase in reported breaches, while 2017 is on pace to match or exceed this record. Even more damaging than the breach itself is the detection time.
A recent report suggests it can take more than six months on average to detect a breach, giving attackers time to capture and exploit sensitive information. Organizations need to assume they will be breached and act accordingly.
Legacy systems were built around perimeter defense to protect them from outsiders. This method assumes the ability to limit access, which is nearly impossible today, and it “defends” rather than “detects.”
Modern systems anticipate and combat threats using automation, advanced analytics and continuous monitoring. Customer data can be protected with techniques such as Identity as a Service. Ultimately, modernizing legacy systems offers organizations an opportunity to assess their data and their level of risk, and to build proactive security measures into their applications.
Nobody wants to be one of the numerous companies attacked in recent years, but the possibility of a large-scale data breach happening anywhere at any time is very real. As organizations continue to amass enormous amounts of personal data, they must protect it against increasingly sophisticated cyberattacks.
The reality is today’s digital and mobile-focused world is full of risk. With organizations granting greater access to customers and employees and, perhaps as a result, hacking incidents rising to historic levels, modern IT requires adaptive systems and proactive security strategies.