Both older (legacy) and newer technologies come with their own sets of risks. Knowing the details of each is vital:
In today’s rapidly evolving technological landscape, understanding the risks associated with both older and newer technologies is crucial for maintaining robust cybersecurity measures.
OLDER TECHNOLOGIES
Older technologies are often times a challenge due to the lack of support, absence of security patches and (sometimes) reduced knowledge in the market to keep it running, observes Spain based Flavio Carvalho, CISO at Iberia at Crédit Agricole Personal Finance and Mobility.
Hemant Kumar, CISO at Bajaj Auto Credit explains that older technologies often lack the robust security features of modern systems. They may not receive regular updates or patches, making them more susceptible to exploits and breaches. As technology advances, older systems may also struggle to integrate with newer hardware or software. This can lead to inefficiencies and additional costs for maintaining or updating these systems.
He adds that manufacturers may discontinue support for older technologies, making it difficult to find replacement parts, skilled technicians, or updates. This can also affect compliance with regulatory standards. Older technologies may not be able to handle current demands or workloads, leading to reduced performance and productivity. Maintaining and repairing outdated technology can be costly and time-consuming. These systems might require specialized knowledge or parts that are no longer readily available.
Ratan Jyoti, CISO at Ujjivan Small Finance Bank, agrees with Hemant about patches, particularly security patches, which leaves older systems vulnerable to exploitation. He adds that integrating outdated technology with modern systems can be challenging, potentially creating security gaps and vulnerabilities. Legacy systems may rely on antiquated security protocols that are no match for contemporary cyber threats. Well-documented vulnerabilities in older technologies are often targeted by malicious actors who exploit these weaknesses.
Older technologies may lack the capability to support advanced security features necessary to combat current threats. Reduced performance of outdated systems can lead to increased downtime and security lapses, further exposing the organization to risks, avers Ratan.
NEWER TECHNOLOGIES
Flavio sees security gaps in newer technologies as well. He points out that newer technologies might not yet have the necessary maturity security level. They might be in a fast cycle of new releases that might pose a risk for stability and security. “In my experience it´s difficult to manage the legacy, although a critical function in technology roadmap, but easier to avoid adopting new, cutting-edge technologies. Banks are amongst the most profitable industries, avoiding risk as much as possible,” says Flavio.
Ratan reveals that new technologies can introduce novel attack vectors that are not yet fully understood or mitigated. The rapid development and deployment of new technologies often outpace the establishment of comprehensive security measures. Advanced systems come with increased complexity, leading to potential misconfigurations and security oversights.
He adds: “Integrating new technologies with existing infrastructure can create security gaps if not managed properly. Fast-paced advancements can lead to a lag in security measures, leaving new technologies vulnerable to emerging threats. Increased reliance on external vendors and cloud services introduces additional supply chain risks.”
New technologies often introduce novel vulnerabilities, feels Hemant. While they might come with advanced security features, they can also be targeted by new types of cyberattacks before their weaknesses are fully understood and addressed.
He agrees with Ratan that new technologies may not seamlessly integrate with existing systems, leading to potential disruptions and requiring additional resources for integration. Emerging technologies might not yet have a track record of reliability or performance. There may be unknown issues that become apparent only after widespread adoption.
Hemant adds the cost factor. New technologies can be expensive to implement and maintain. The costs can include not only the initial investment but also training, system integration, and ongoing maintenance. The pace of technological advancement means that new technologies can become outdated quickly. This can lead to the need for frequent upgrades or replacements, adding to long-term costs.
Both Ratan and Hemant point out that new technologies, especially those involving data collection and analysis, can raise privacy issues. Users might have less control over their personal information or be subject to new forms of surveillance.
Balancing the adoption of new technologies with the maintenance of older systems requires a nuanced and calibrated approach to security. Organizations must stay vigilant, continuously update their security practices, and ensure both legacy and cutting-edge technologies are adequately protected.
Recent Articles:
Swedbank leverages data to the hilt