Colonial Pipeline – JBS – Microsoft – and most recently, Kaseya. These high-profile news stories provide only a tiny sampling of the recent ransomware attacks hitting critical business infrastructures every, single, day. And they’re getting more and more common. US ransomware attacks skyrocketed by 300% last year alone.
What are ransomware attacks?
Well, that’s a good question. Essentially hackers breach a company’s cyber defenses and thus have full access to their system and files. Hackers will then encrypt the company’s files, or somehow prevent them from doing business. Essentially, they’ll hold this data hostage until the company pays up.
What’s wrong with legacy systems?
Now, there are a lot of factors that are contributing to this increase in ransomware attacks. But one of the big ones – that we just so happen to deal with here at ASI – is legacy systems. What are those, you ask? Computer systems that were developed years ago to help run operations that have since become outdated. And if legacy systems aren’t updated and protected, they’re a risk. Time passes, threats evolve, and legacy systems are in danger of falling behind if they’re not paid proper attention.
But you are vigilant on updating and patching your legacy system. You should be good, right? Not necessarily. Many of these older systems have hard-coded passwords and built-in “backdoor” accounts. These were failsafe’s that vendors included as an ‘admin’ account if the account or access was blocked. And while these practices were quickly abandoned as the internet grew and expanded, several systems still have them tucked away, ignored and forsaken.
Many of these discontinued systems simply do not have or even make patches or updates any longer, so all fixes must be implemented ad Hoc by experienced professionals. And even if vulnerabilities are found, an RSA conference survey from 2018 noted that only about 47% of companies patch these issues right away. Why, you ask? The most common reasons were not having the time, money, or knowledgeable staff to do it.
Hackers go for easy targets.
So what’s the solution? Don’t be an easy target! The BIGGEST danger in legacy systems is a lack of awareness. If your staff members are retiring and you’re running out of knowledge on how to update your system, give us a call. We’ve dealt with vendor, homemade, and piecemeal/cobbled systems for over 25 years. We can take a look and get you to where you need to be.
