As new threats emerge, users must be reminded of the dangers from utilizing old software that is no longer supported and how to mitigate these risks. Brandon Begg, a member of Centrality’s Managed Services Response Center team, explains the importance of keeping your software version current.
Viruses and malware – we have all experienced or witnessed it at some point in our everyday usage of technology. While the geniuses that program the software to combat them work tirelessly, the hackers with malicious intent are perpetually neck and neck with them to wreak havoc. Regardless, the hackers have already won if a user’s software is not current, and if they are uneducated on how to protect themselves.
The Evolution of Malware and Viruses
Typically, when somebody thinks of a virus, they will imagine irritating pop up ads, junk mail, and so on. While these things have been around since the dawn of the internet, they have become more intelligent and mischievous in recent years. In fact, some viruses have gone from just irking, to very dangerous.
A prime example of this would have to be the crypto virus, or in leman’s terms, ransomware. This software literally holds your data hostage at the mercy of its creator. By encrypting your entire hard drive with a key, your data will only be released if you pay the hacker a sum of money (usually in bit coin form). When this happens, your only two choices of recovering your precious data lie in restoring from a backup, or forking over the ransom. As this malicious software is constantly evolving, you must also make sure your own software and services are up-to-date for your protection. If not done routinely and your business files become infected, this can quickly go from troublesome, to devastating and fatal.
A Crash Course on Patching
Vulnerabilities in software are fixed just as quickly as they can be exploited. Around the clock, programmers for antivirus software are racing against time with hackers to help prevent these bugs from being utilized. However, as software ages and newer versions are naturally prioritized, users who remain left behind will become sitting ducks for an attack, and will be out of luck when no help is given.
A prime example of this would have to be users who are still on Windows XP. This is a relic version of Microsoft’s ubiquitous Windows operating system that debuted in 2001. In April 2014, it was finally dropped from Microsoft’s support program. Anybody that still depended on it was on their own from that point. Microsoft usually gives each major release only ten years. They granted an extra three to Windows XP due to its massive user base at the time.
Subsequently, when support for a major operating system is dropped, software vendors will stop supporting it as well. For example, the software and/or hardware may no longer properly, or even at all, as they no longer write code for it. Naturally, this allows for hackers to find new exploits in the software that will not be patched by Microsoft. Due to this, if you become infected, don’t expect Microsoft or any major software vendors to offer much assistance. If your organization depends on outdated software, you are basically a ticking time bomb for a disaster to strike.
What is at Risk?
If you manage to only become infected with malicious software that is bothersome at best, ranging from pop-ups or junk mail, consider that benign when you learn of how dangerous they’ve truly become. As mentioned before, your entire drive could become infected with the crypto virus and be held for ransom. Leaving the only choice in recovering your data to pay a sum of money if you did not back up. This sort of tragedy will only go from bad to worse if it manages to spread throughout your internal network. Thus, making the fate of your entire organization hang by a thread.
Important credentials and personal information can also be stolen, creating chaos in your personal life (such as your banking information, or even your social security number). This can lead to financial issues, or even identity theft. While nobody connected to the internet is completely immune from threats, the risk skyrockets when it comes to unsupported software. It is vital nonetheless to become aware of their nature and intent to combat them.
While using the latest and greatest software does offer protection as its makers find and correct exploits day and night, this does not make it impenetrable. Zero day threats exist so new to the point where software makers remain briefly unaware of their existence. That narrow time window is still more than plentiful to infect users, however. The only true way to counter these is by user education. In any business environment, the end users must be taught and educated of these dangers, and how to avoid them.
Primarily, they must be made aware that just because protection is installed, whether in the form of a web filter or firewall, antivirus software, and so on, it does not mean that they are completely safe. This false ideology of bliss can lead to carelessness when using company hardware. Again, these mediums have no effect on zero day threats, only their knowledge can render them powerless.
Make sure everybody is aware to never open any suspicious-looking emails, or browse non-work related websites during company time. Sometimes, a hacker can spoof an email to make it seem as if it is from somebody in your organization. This is why users must learn to question everything if something seems a bit off.
Going forward, it is up to a company to do two things at the end of the day:
- keeping up with the rapidly-changing world of IT, and
- ensuring that its end users are receiving consistent and knowledgeable training to adhere to security standards set in place.
As both programmers and hackers are always trying to keep up with one another, you must keep up in the IT world in ensuring that your software and hardware is supported. Just as important, you must also educate your users to be aware of new threats. Both need to work together hand-in-hand to create a business environment with maximized productivity and security, while minimalizing downtime to keep the integrity of your business safe.