During a keynote speech at this year’s Infosecurity Europe conference, Baroness Dido Harding, former chief executive of TalkTalk, warned other business leaders of the implications of legacy tech.
Legacy tech generally refers to outdated systems operated by businesses and organisations that can leave them vulnerable to attack, as TalkTalk found to its cost in 2015 when it became the victim of a data breach that led to a record £400,000 fine and huge damage to its brand reputation.
At the time, TalkTalk revealed that 28,000 credit cards were stolen, as well as bank account details. In all, more than 150,000 customers were affected.
Baroness Harding outlined some of the dangers facing companies when operating such outdated systems. Firstly, she said, organisations can find themselves unaware that they are actually running such systems, and this ignorance carries serious risks, particularly for organisations that are growing rapidly.
This was what happened at TalkTalk, as Baroness Harding explained: ‘we were a fast-growing company, acquiring others and were hit by a simple SQL vulnerability in a legacy website that no one noticed.’
Another aspect she highlighted was the lack of awareness and understanding when it came to vital software reaching its end of life. It is quite astonishing that many organisations still run Windows XP, which hasn’t had any security updates for several years. A general reluctance to update operating systems can, of course, have serious security implications.
Likewise, the daunting task of updating systems may inhibit some companies from carrying it out. Doing so can eat up time and budgets, and a perception among management that they are locked in with their vendors often deters them from making the necessary decisions.
But, as Baroness Harding said, this is a fallacy. She believes organisations should understand that the barriers seen as hindering technology updates do not, in reality, exist.
As she pointed out, technology is available that provides compatibility for these applications and doesn’t discriminate against technology suppliers. One such area is compatibility containers.
Containers are software packages that contain everything the software needs to run. These offer a ‘lift and shift’ option which replicates in-house apps and programs in the cloud without a re-design. These are widely available and offer real benefits to companies and organisations.
But, as she emphasised, it is the lack of technological understanding among business leaders that remains the key problem. Having people such as Baroness Harding speak about this issue may well see it diminish over the next few years.