According to research from Kaspersky, organizations running outdated technology suffer a 47% higher financial loss when a data breach happens than those using newer technology. An almost 50% higher loss is a big blow compared with more sophisticated systems that were breached. We therefore advise existing industries to replace legacy equipment and software, or to apply security patches to old software.
Problems with out-of-date technology
The problems with out-of-date technology, both hardware and software, are the risk of unpatched known exploits, zero-day exploits that are easier to use, weaker encryption, and well-known "open secret" exploits that can be used against it. Organizations running it not only lose more money, they are also hacked more easily.
According to Kaspersky, this is most evident among small to medium-sized businesses: with outdated technology, their loss is magnified by up to 54% compared with competitors using updated software releases.
Based on Kaspersky's research on North American organizations, in actual dollar value, large businesses using outdated technology can lose on average $1.3 million, compared to $836,000 for companies with up-to-date technology. For small and medium enterprises, a data breach may cost $74,000 with fully updated hardware or software, compared to $114,000 with outdated technology.
Why do companies not update their technology?
The primary reason companies refuse to update their hardware and software is employee pushback. An estimated almost half of organizations worldwide have employees who are reluctant to work with new versions. At the same time, the same number of companies keep their old devices or old software because they use legacy systems. According to Kaspersky, an estimated one-third of businesses said outdated technology is used by C-level staff and is not included in their update plan.
There is no silver bullet for preventing a hack or a data breach. However, here are some tips you may want to consider to avoid a data breach and to reduce the impact once a breach happens.
Update hardware and software on every network-connected machine possible. Connecting legacy technology to a network is a considerable risk. Most cybercriminals and adversaries target old hardware and software because it is easier to hack: exploits for it are available and discussed on the internet, especially on forums frequented by blackhat hackers. New technology, or an equivalent patch, makes a device or network more challenging for hackers to exploit. If you are familiar with jailbreaking on iOS and rooting on Android, that is the nearest comparison we can offer. In simple words, the older the software, the more it has been studied and the more exploits have been explored. The newer the technology, the harder it is to hack, because old, patched exploits no longer work. From the hacker's point of view, the only chance to gain access is then to find a zero-day exploit.
Now, what should you do when a data breach happens? Paying a ransom might be too late because the data is already exposed.
Enterprises will need to control the spread of the exposed data because they are subject to the scrutiny of related privacy laws and, worse, the GDPR. Failure to follow these laws will lead to penalties, not to mention public humiliation. To control the damage, a threat intelligence team must be deployed across the web and the dark web to spot brand abuse that uses misassociation to further distribute the leak or other malicious activities. Without proactive action to search for and destroy this malicious distribution, the company's reputation will be damaged further, and the data breach will be glorified through its perceived impact.