Legacy technology poses a significant and enduring risk to any organisation’s cyber security.
Legacy technology is defined as any technology that is no longer supported by the manufacturer, developer or vendor. This means that these technologies do not receive important security updates and patches and are more vulnerable to cyber attacks.
Malicious actors can also use legacy technology vulnerabilities to gain access to other, more modern systems that your organisation relies on.
Managing legacy technology is a priority in maintaining the overall cyber security of your organisation. Take action on your legacy technology by replacing it with technology that is still receiving support and updates from the manufacturer, developer or vendor.
Where this is not feasible, or replacing legacy technology will take some time, temporary measures should be adopted to mitigate some of the risk.
These measures include implementing or increasing:
- Best practice event logging
- Appropriate network segmentation and/or segregation
- Common hardening techniques
- Multi-factor authentication (MFA) and account hygiene
- Application surface reduction
- Scheduling system availability and access.
Discover more resources below to help you manage your legacy technology, including guidance for executives and practitioners.
End of support for Microsoft Windows and Microsoft Windows Server
Support for Microsoft Windows and Microsoft Windows Server users following the expiration of the specified servicing timeline.
Managing the risks of legacy IT: Executive guidance
This publication provides high-level and strategic guidance for an organisation’s executive seeking to manage the risks of legacy IT.
Managing the risks of legacy IT: Practitioner guidance
This publication provides guidance for practitioners on managing the risks posed by legacy IT and outlines low-cost mitigations that organisations can draw upon.