Many of today’s businesses rely on old software, written in code from a time before today’s cyber crimes existed.
Your applications could be written in programming languages that are no longer used or taught, making them ideal targets for malicious attacks.
As your system ages, the amount of dead or potentially vulnerable code it contains continues to grow. The presence of unmaintained or abandoned code can create new weaknesses.
Antivirus programs don’t offer enough protection as few cater to ageing systems, and the majority on the market do not scan inactive code—the points where legacy systems are most vulnerable.
Legacy-specific antivirus applications cannot protect against attacks that target dead code. Malware can rely on inactive code to hide and therefore go undetected, so an organisation is likely to be unaware that it has been compromised.
With so much at stake, organisations need to take action to mitigate risk. We recommend:
- A full code review and audit to assess the risks
- Identify and eliminate inactive code
- Document changes – critical to protecting the integrity of the system
- Re-evaluate the processes associated with changes to business rules
- Apply the least privilege principle and enforce strong passwords – legacy systems tend to allow far weaker passwords than required by today’s standards
- View security as a continuous process as opposed to a one-off fix
- Maintain security patches to keep the system up-to-date with the latest vulnerability fixes
We are one of the few software agencies willing to work with legacy code and systems, and have many years’ experience of conducting code reviews, which will assess your current vulnerabilities and recommend refinements to reduce your risk of cyber crime. Upgrading old software is a painful and costly process, but deferring those upgrades could be catastrophic for your business.