December 15, 2020
We talk about the importance of updating your software all the time — whether it’s applying the dreaded Windows Update patches from Microsoft every Patch Tuesday or completely removing deprecated applications. It’s no secret that these updates can cause problems for some people, but unfortunately that doesn’t change the fact that these updates are imperative. How do you manage the sometimes difficult task of keeping your company running during and after applying critical updates — updates that are designed precisely for keeping things running in the first place?
Updating and cybersecurity both begin with risk assessment.
Which key systems need to be updated and upgraded — and when — are ongoing questions for managers and admins, and you require an experienced IT company to help you make those determinations. But you also need to know where your biggest vulnerabilities are and how those vulnerabilities could impact your business. Some systems need to be updated immediately, but not all. To complicate matters further, depending on the age of the system you’re updating, an update could potentially damage it. Your decision-making process must be inherently risk-driven — that is, you must weigh the potential cost of action versus the cost of inaction for each individual system that normally keeps your business afloat.
There are some systems that just can’t be patched.
It’s true. There are some legacy systems that businesses rely on that are so old, you simply can’t patch them safely or in any meaningful way. If nothing else, however, there are important steps you can take to protect legacy infrastructure.
1. Secure Your Endpoints
The difference between endpoint security and, say, antivirus software is that endpoints bear some or all responsibility for their own security. For example, equipment such as programmable logic controllers (PLCs), remote terminal units (RTUs) and intelligent electronic devices (IEDs) should be made secure by allowing only the communication they are designed for to reach them. Filtering out any and all unnecessary traffic from the communication channel leading up to the endpoint prevents it from being exposed to an exploit or attack.
2. Secure Your Network
If you’re using a legacy device, chances are the network communication protocol it uses isn’t secure. Even if it already has a form of security, it’s likely quite old and can be easily broken by now. A good way to prevent what’s known as a “man-in-the-middle” attack, which exploits the weaker versions of SSL and SSH used in the past, is to route all communication through a VPN.
3. Remain Vigilant and Monitor Both
Once you’ve secured endpoints and their network, you have to watch them both carefully. We have ways of doing that for you. New vulnerabilities and exploits are discovered daily, and your network is going to be under threat whenever something newer comes along.
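To make steps 1 and 3 concrete, here is an added example (not from the original article) of a default-deny allowlist for legacy endpoints, applied to flow records to flag any traffic a device was never designed to receive. The IP addresses, ports, device roles and flow records are constructed assumptions for illustration.

```python
import ipaddress

# Constructed allowlist: for each legacy endpoint, the only (source network,
# protocol, destination port) combinations it is designed to receive.
# Addresses, ports and device roles are illustrative assumptions.
ALLOWLIST = {
    "10.20.0.11": [("10.20.1.0/28", "tcp", 502)],    # PLC: control traffic from HMI subnet
    "10.20.0.12": [("10.20.1.5/32", "tcp", 20000)],  # RTU: polled by one master only
}

# Constructed flow records: (source IP, destination IP, protocol, destination port).
SAMPLE_FLOWS = [
    ("10.20.1.4", "10.20.0.11", "tcp", 502),
    ("10.20.1.4", "10.20.0.11", "tcp", 23),
    ("192.168.7.9", "10.20.0.11", "tcp", 502),
    ("10.20.1.5", "10.20.0.12", "tcp", 20000),
    ("10.20.1.5", "10.20.0.12", "udp", 161),
    ("10.20.1.4", "10.20.0.99", "tcp", 80),
]


def is_allowed(flow, allowlist=ALLOWLIST):
    """Default deny: a flow passes only if it matches a rule for its destination."""
    src, dst, proto, port = flow
    src_ip = ipaddress.ip_address(src)
    for net, rule_proto, rule_port in allowlist.get(dst, []):
        if (src_ip in ipaddress.ip_network(net)
                and proto == rule_proto and port == rule_port):
            return True
    return False


def audit(flows, allowlist=ALLOWLIST):
    """Split flows to protected endpoints into permitted and violations."""
    permitted, violations = [], []
    for flow in flows:
        if flow[1] not in allowlist:
            continue  # not a protected endpoint; out of scope for this check
        (permitted if is_allowed(flow, allowlist) else violations).append(flow)
    return permitted, violations


if __name__ == "__main__":
    ok, bad = audit(SAMPLE_FLOWS)
    for flow in bad:
        print("ALERT unexpected traffic to legacy endpoint:", flow)
```

The same allowlist can drive both the filter in front of the endpoint and the monitoring alert, so the two never drift apart.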
Rimstorm will work with you to help you determine where your most vulnerable areas are, what should be updated and what the potential risks are for updating — or NOT updating. By working together, we can minimize any impact to your business.