Nitec
Contact

Nitec

Nitec
All articles
Software

Old Software Never Dies… Until Hackers Find It

Why clinging to legacy systems can cost more than just downtime.

Old Software Never Dies… Until Hackers Find It

Over the last few weeks, we have seen a significant attacks by state actors on Microsoft SharePoint where companies were hosting their own SharePoint on premises.

 

SharePoint, for those not aware, is a very useful application, which allow companies to share documents and files over the internet in a way that old File Shares just couldn’t manage. It is also a very feature rich solution with version control on files and the ability to add tags and add custom fields to the files to allow dynamic organisation. It also facilitated workflow so, for example, you could get notified if a file you were interested in, changed.

 

Microsoft’s own Office 365 SharePoint Service was unaffected by the issues, because, as with most of these types of attack they were taking advantage of vulnerabilities in software that was not well enough patched. This brings into sharp focus the issue of having unsupported Operating Systems and Applications in your business. These bring real world problems into your business. Something we are all more aware of this year after the CO-OP, M&S and Harrods debacle of recent weeks and months.

 

You often see issues like this with production systems, and in some ways they are understandable. A company buys a widget pressing machine in 2000 and 25 years later it is still just as capable of pressing widgets as it ever was, but the software that supports and communicates with it only works on Windows Server 2008, for example. It’s easy for IT to say that you should update the machine but, in a scenario where the machine costs £1,000,000 and is working perfectly, it can be a hard message. The real world, as we all know is a messy place, and very few things fit neatly into the boxes we want them to.

 

There are a number of lessons we can learn in relation to SharePoint.

  • It costs money to replace unsupported devices but it is worth every penny.
  • If it absolutely cannot be replaced, yet. While doing everything in your power to update/replace in the longer term. You must spend the money on segregating devices that are out of support, into their own, more protected space.
  • SIEM. You must have sufficient logging and security to have an idea if someone is targeting it.
  • SOC (Security Operations Centre). Someone needs to be looking at those logs, ideally 24x7. The bad actors usually aren’t in our time zone.
  • Implement Zero Trust principles (more to follow in the next episode)

 

In a world where many nation states seem to have a penchant for ransoming businesses in the West, just like yours, these areas of IT have gone from an expensive, annoying  ‘nice to have’s’ to expensive, annoying essentials. In fairness, the scale with which businesses are deploying these solutions has reduced the pricing, but they are still significant expenses.

 

Times change, and progress cranks relentlessly forward. Not always for the better!

The message is clear though. The days of running old software and operating systems are over, if they were ever a thing.

If you are struggling with this Nitec engineers and consultants can help you with a strategy to identify and remove or control these problems and ensure you are in a position to stay on top of them with all 5 solutions above.

Next missive, Zero Trust and VPN’s


Related articles

Shimming: The Card Scam You’ve Never Heard Of (But Should Be Worried About)Shimming, not to be confused with phishing or smishing, is the latest in a long list of words, made up by IT people with too much time on their hands, that you need to be aware of when trying to keep your card details safe.

Windows 10 Is Reaching End of Life – Here’s What You Need to DoOn the 14th of October, Windows 10 will no longer be supported by Microsoft. You need to act now to prepare.

Why the M&S and Co-Op Hacks are a Wake Up Call to EveryoneWhy proactive cyber defence is no longer optional - and how Nitec helps businesses stay secure in an age of rising threats.

Secure Work, Anywhere: Protect Your Business on the MoveStay connected and secure whilst travelling with the Nitec Portal.

Microsoft Turns 50: Honouring the Past, Building the FutureCelebrating 50 years of Microsoft innovation and our proud partnership along the way.

A Cut Above the Rest: Phish-Resistant MFAWhy traditional Multi-Factor Authentication isn’t enough anymore. Enter: Phish-Resistant MFA.

Let's work together

Thank you for your enquiry. Someone will be in touch as soon as possible!

Our use of cookies

Some cookies are necessary for us to manage how our website behaves while other optional, or non-necessary, cookies help us to analyse website usage. You can Accept All or Reject All optional cookies or control individual cookie types below.

You can read more in our Cookie Notice

Functional

These cookies enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions.

Analytics cookies

Analytical cookies help us to improve our website by collecting and reporting information on its usage.

Third-Party Cookies

These cookies are set by a website other than the website you are visiting usually as a result of some embedded content such as a video, a social media share or a like button or a contact map