Is your organisation using unsupported software?

This year Windows have already announced multiple systems which have reached the end of their support cycle. In addition to these, between the months of October to December this year there are further systems to reach their end of life with the manufacturer. In preparation for this, it is important to understand the threatening concept of unsupported software in any organisation.

What is wrong with unsupported software?

Firstly, if a device is no longer supported that means the device will no longer receive updates from the manufacturer. A software update will contain fixes regarding newly identified vulnerabilities alongside new features the manufacturer has implemented. Once a vulnerability is identified it can quickly be exploited by malicious individuals to gain access to networks and computer systems.
Moreover, if the organisation is running an upgraded Operating System but attempts to run an end of life software the variations in versions will prove problematic for the user’s operations. This revolves around updates not being received by the unsupported software. Due to this the software is incompatible with the latest version, causing problems when the user attempts to carry out their work.
Furthermore, unsupported software creates compliance issues where multiple certificates and accounts require a certain standard of security to be upheld in relation to storing their sensitive information. With the rise of attention presented to GDPR it is essential the organisation meet the requirements set out as part of their agreement when holding sensitive information, without this the company can be open to a range of fines damaging the company’s reputation.
Finally, unsupported software leads to a decline in system performance meaning the structure is more likely to breakdown. This downtime could affect business operations and can lead to a loss in revenue within the company. This can be time consuming for the organisation to fix.

Cyber Essentials and Unsupported Software

As part of the Cyber Essentials requirements the machines on an organisations network should be fully updated, licenced and supported. Requiring general software updates are completed within 14 days of release, reducing the attack surface for attackers. With programs coming towards their end of life it is advised organisations begin re-evaluating their use of the software and begin removing or updating the software as soon as possible. The organisation should have a plan in process prior to the end of life of the system to ensure the changeover is smooth and can be managed around business needs.
A full review of products which reach end of life in 2019 can be viewed here.
Further to this, in 2020 more Windows applications will be reaching their end of life, view these here to allow your organisation time for review.
Download your questionnaire today to assess your organisations standards!