Stop Falling Prey to the Security Breach Hype-Cycle
Nigel Stokes
There’s a clear pattern each time an IT security breach hits the news. The breach happens, and the tweets, blogs, emails, and phone calls start arriving from antivirus and security vendors. It’s almost as if they were waiting, like they’re delighted that it happened.
Do the software vendors benefit from the hacker’s work? They do. Some experts claim vendors even encourage the work of hackers. Reportedly, Russian and Chinese software and hardware vendors leave backdoor access, creating a remotely exploitable vulnerability that can give an attacker root system access.
When a security breach hits, is buying more antivirus, security software, or network hardening the first thing to do? The answer is No – there are more effective and straightforward steps to fix the most important security exposures.
Newer systems are more secure
Today, IT operates in a new Zero Trust cybersecurity era. However, some systems are less trustworthy than others. The security of modern operating systems, servers, and networks is much better than that of older legacy systems. Most security breaches occur on old systems. Too many organizations are running decades-old architectures that have well-known hacks. The WannaCry and NotPetya hacks rely on security exposures in WS2003. We can thank legacy systems for the endless string of news stories about security breaches in infrastructure, power grids, water facilities, hospitals, and banks.
Fixing cybersecurity problems doesn’t mean you need to buy another round of antivirus and threat detection software for modern systems. Hardening modern servers and networks will not close security holes on legacy systems, no matter how much money you pour into security. If you don’t close known legacy system hacks, they won’t magically disappear.
Most security spending is focused on after-the-fact forensics, once the breach has already happened. Digital forensics focuses on determining who left the barn door open once the horse is gone.
Here are two important things to remember:
- For legacy Windows systems, there is no door on the barn.
- Simple automation and a vulnerability analysis can put a door back on the barn and lock it.
What should you do?
The first step is to fix legacy system exposures. If you’re running apps on an unsupported operating system, you’re leaving your systems open to attack. Modernizing closes security exposures by moving legacy apps to modern, secure operating systems and hardware. Once apps are on modern servers, you can perform a vulnerability analysis and remediate apps as required to fix problems, such as cross-site scripting or other software issues.
- If you’re running applications on old Windows systems, upgrade your hardware and operating systems.
- Move your software apps from old operating systems like WS2003 and WS2008 to modern, secure WS2012, WS2016, and WS2019 systems to eliminate WannaCry and other malware exposures.
Migration Intelligence can help
Use an automated migration tool to isolate legacy apps and dependencies from the underlying OS. Then, move your legacy apps to a new server and OS (upgrading web server and database components on the fly as required). After the move, you can perform a vulnerability analysis and remediate or enhance the apps as needed.
You don’t need install scripts or source code for your legacy apps. Automated migration takes care of the move and saves months of effort usually needed to upgrade apps.
Move beyond the security breach hype-cycle
Cyber threat detection on modern systems offers few advantages. It’s time to close the barn door on legacy systems and move apps to newer, secure servers.
When breaches happen, organizations that have historically done nothing about fixing known exposures of legacy systems may face serious legal claims from customers, shareholders, and governments. People are demanding that companies be held responsible for securing the large databases of personal data they collect and maintain.
If you’re tired of the security breach hype-cycle and need help upgrading your Microsoft Server applications, don’t hesitate to give us a call. We modernize apps and move them to new, secure Windows operating systems every day. We’d be pleased to share what we know.