Every month, every week, even every day, attackers find new weaknesses to exploit.
In turn, software and hardware companies alike issue critical updates to close the gaps.
But how do you secure outdated software and hardware when it no longer receives support?
You can’t just throw out critical equipment. And you can’t just replace expensive outdated software and computer systems.
However, as the cost of data breaches, ransomware, and security failures continues to skyrocket, you’re left between a rock and a hard place.
Just how expensive are they? Well, in 2021, the cost of a single data breach was more than $4 million -the highest on record.
It leaves you wondering: “How can I protect my business from security threats without breaking the bank?”
Fortunately, even a modest investment in basic IT technology can isolate many of these vulnerabilities from the outside world – and from the rest of your network.
The Risk of Outdated Software and Hardware
Microsoft ended support for Windows 7 on January 14, 2020, and Windows XP back in 2014.
And yet even today, 53% of industrial sites still maintain obsolete Windows OS.
Similarly, 83% of medical imaging devices run on operating systems which no longer receive updates. Even worse, 53% of connected medical devices have an identified critical risk.
Considering these medical devices include 73% of IV pumps and most laboratory devices, these sorts of outdated software and hardware vulnerabilities literally threaten lives.
This helps to explain why the healthcare industry was such a target in 2021, such attacks directly affected 45 million people.
Though industrial control systems may not threaten lives, 40% of industrial sites have at least one direct connection to the internet, with at least one Industrial Control System (ICS) device exposed.
Additionally, 57% of ICS sites don’t run automatically-updating antivirus programs.
This broad exposure of Operational Technology (OT) explains why both the LockBit and Conti ransomware gangs target the industrial sector so effectively.
Isolating Outdated Software and Hardware
The bad news is that many of these vulnerabilities simply can’t be fixed.
Maybe it’s because their hardware and software don’t receive updates, or maybe it’s because they require obsolete Operating Systems (OS) to control them.
But, while the equipment or controlling PCs remain vulnerable, there’s a solution available: network isolation.
Network isolation provides three distinct advantages for IT security:
- An isolated device is harder to locate and exploit
- If an attacker hacks the vulnerable device first (such as through physical access), the rest of your network remains harder to attack
- Even if the attacker has the skill to defeat isolation, the additional time and techniques required should set off alerts, allowing your team to catch the attack
The good news is that network isolation doesn’t require expensive new technology, and is achieved inexpensively.
By isolating outdated software and hardware, you limit crucial access points, thus protecting your systems.
Network Segmentation
Another key technique to secure your systems is network segmentation.
This uses either physical or virtual network equipment to isolate devices from the rest of your network.
How effective is it? Very.
In fact, researchers estimate that 90% of healthcare ‘internet of things’ critical risks can be addressed through network segmentation.
This technology integrates with user groups, multi-factor authentication (MFA), and other security techniques to provide secure IT isolation.
For example:
- In a healthcare provider network, access to HVAC systems could be restricted to the user group ‘janitorial staff’ and requires their security badges for MFA.
- In a dairy-processing facility, the various equipment (pasteurizers, bottlers, etc.) and their controlling computers can be white-listed, so that they only can communicate with devices on the network segment
- In a trucking company, the computers holding financial data can be restricted to usernames associated with accounting
Segmenting your networks is a great way to add a layer of security to your un-patchable systems.
An Updated Shield of Protection
Whether you have siblings or not, you can probably picture the following scenario: a little brother or sister is picked on by the schoolyard bully, and in turn, hides behind their big brother for protection.
In a sense, computer systems can do the same thing.
Paired computers and virtual machine isolation works by attempting to shield vulnerabilities. They do this by hiding vulnerable components behind a network-connected-device that can be fully patched and secured.
The use of paired computers is a low-tech micro-segmentation.
It creates a network segment of two or more devices with a hard-wired connection, and blocks all other access (ports, wireless, etc.)
For example, a vulnerable (but necessary) device running Windows XP can be directly wired to a fully-patched Windows 10 PC (which is connected to the rest of the network.) Users can access the vulnerable, outdated machine through the protection of the newer, protected computer.
Virtual machine isolation uses the same principle. However, instead of a second physical machine, it uses a virtual device.
This adds flexibility for the location of the host PC and the number of devices that could be controlled.
For example, a regional power company could connect multiple sensors to a cloud-based server. This server could isolate and control devices over a wide geographic area, using a segregated network of virtual PCs.
Whether you use physical or virtual methods, there’s almost always a way to shield your outdated software and hardware behind a wall of protection.
Taking the First Step
Not every system can be updated forever.
Companies go out of business, product lines change, and outdated programs eventually stop receiving support.
But, whether due to budget constraints or a lack of better options, you might find yourself needing these unsupported systems.
Before panicking, consider the techniques above.
Isolation, segmentation, and shielding are all powerful and effective techniques available to nearly every organization.
While relatively basic techniques, experience and expertise should be used to implement these techniques securely.
If you’re looking for a little help or guidance, feel free to contact Ideal Integrations at 412-349-6680, or fill out the form below.
Our IT experts can provide a free consultation along every step of the way, and have you on a path to securing your future.