{"id":21248,"date":"2024-08-28T11:04:45","date_gmt":"2024-08-28T18:04:45","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?p=21248"},"modified":"2024-10-22T09:50:48","modified_gmt":"2024-10-22T16:50:48","slug":"unveiling-the-risks-of-legacy-systems-and-how-to-mitigate-them","status":"publish","type":"post","link":"https:\/\/webdev.securin.xyz\/articles\/unveiling-the-risks-of-legacy-systems-and-how-to-mitigate-them\/","title":{"rendered":"Unveiling the Risks of Legacy Systems and How to Mitigate Them"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"21248\" class=\"elementor elementor-21248\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-ff577d7 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"ff577d7\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-b11e064\" data-id=\"b11e064\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-7b27f49 elementor-widget elementor-widget-text-editor\" data-id=\"7b27f49\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">A few years ago, a report from the U.S. Government Accountability Office (GAO) revealed that <\/span><a href=\"https:\/\/www.nextgov.com\/modernization\/2019\/06\/10-government-legacy-systems-cost-taxpayers-337-million-every-year\/157682\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">10 legacy systems<\/span><\/a><span style=\"font-weight: 400;\"> belonging to federal authorities were between 8 to 51 years old and cost approximately $337 million annually to maintain. These systems were present in the Departments of Defense, Education, Treasury, Homeland Security, Transportation, and Social Security Administration and included a 14-year-old COBOL system in use by the Air Force and an 18-year-old industrial control system utilized in U.S. dams and power plants.<\/span><\/p><p><span style=\"font-weight: 400;\">While most of our federal agencies have made concerted efforts to modernize their technology and move to cloud environments, others have either partial or no technology improvement plans in place. One good example of the successful modernization of legacy systems is the U.S. Air Force, which underwent updates despite the considerable budgetary strain of the contract. <\/span><a href=\"https:\/\/www.gao.gov\/assets\/gao-19-471.pdf\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">GAO reports recorded savings reached approximately $34 million annually. <\/span><\/a><span style=\"font-weight: 400;\">Unfortunately, although all federal agencies have been made aware of the risks associated with using legacy systems, many simply lack the funds, skilled personnel, time, and expertise to navigate such large-scale changes.\u00a0<\/span><\/p><p><span style=\"font-weight: 400;\">To address this need, the U.S. Government has introduced special initiatives for critical infrastructure entities, such as the<\/span><a href=\"https:\/\/www.whitehouse.gov\/build\/maps-of-progress\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\"> Bipartisan Infrastructure Law (BIL).<\/span><\/a><span style=\"font-weight: 400;\"> This legislation addresses pressing technology modernization needs by allocating funding to deserving organizations, aiding them in fortifying their defenses against escalating cyber threats. Early indicators suggest that BIL funding has surpassed <\/span><a href=\"https:\/\/www.whitehouse.gov\/build\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">$448 billion<\/span><\/a><span style=\"font-weight: 400;\">, <\/span><span style=\"font-weight: 400;\">supporting 51,000 projects encompassing road paving, water systems, bridges, and other extensive transit initiatives.<\/span><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b55a869 elementor-widget elementor-widget-spacer\" data-id=\"b55a869\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0538f05 elementor-widget elementor-widget-heading\" data-id=\"0538f05\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Where are Legacy Systems Still In Use?\n<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5978a95 elementor-widget elementor-widget-text-editor\" data-id=\"5978a95\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<span style=\"font-weight: 400;\">Upgrading legacy systems can be expensive, time-consuming, and operationally challenging for teams to successfully implement. Additionally, bespoke applications may only run on specific legacy platforms, further complicating compatibility issues and the delicate balance between upgrading software and not disrupting critical business operations.\u00a0<\/span>\n<ul><\/ul>\n<ul>\n \t<li aria-level=\"1\"><b>Power Plants and Manufacturing: <\/b><span style=\"font-weight: 400;\">Legacy systems are utilized to control hardware in power plants and manufacturing machines, often running on outdated software like MS-DOS.<\/span><\/li>\n<\/ul>\n<ul>\n \t<li aria-level=\"1\"><b>Banking and Finance: <\/b><span style=\"font-weight: 400;\">Financial institutions rely on legacy mainframe systems for core banking operations such as transaction processing, customer data management, and account management.<\/span><\/li>\n<\/ul>\n<ul>\n \t<li aria-level=\"1\"><b>Healthcare: <\/b><span style=\"font-weight: 400;\">80% of institutions still rely on legacy systems, <\/span><a href=\"https:\/\/www.forbes.com\/sites\/forbestechcouncil\/2023\/06\/05\/overcoming-the-chronic-condition-of-cybersecurity-in-healthcare\/?sh=7f877be56fe3\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">as per the <\/span><span style=\"font-weight: 400;\">Health Information and Management Systems Society (HIMSS)<\/span><\/a><span style=\"font-weight: 400;\">. These often include Electronic Health Record (EHR) systems, incorporating legacy components due to the complexity and longevity of patient records.<\/span><\/li>\n<\/ul>\n<ul>\n \t<li aria-level=\"1\"><b>Government: <\/b><span style=\"font-weight: 400;\">Government agencies use legacy systems for tax processing, social security administration, and public records management<\/span><b>.<\/b><\/li>\n<\/ul>\n<ul>\n \t<li aria-level=\"1\"><b>Transportation:<\/b><span style=\"font-weight: 400;\"> Legacy systems are found in transportation infrastructure, including air traffic control systems, railway signaling systems, and traffic management systems.<\/span><\/li>\n<\/ul>\n<ul>\n \t<li aria-level=\"1\"><b>Utilities:<\/b><span style=\"font-weight: 400;\"> Energy and utility companies depend on legacy systems for managing power generation, distribution, and infrastructure monitoring.<\/span><\/li>\n<\/ul>\n<ul>\n \t<li aria-level=\"1\"><b>Retail:<\/b><span style=\"font-weight: 400;\"> Many older retail environments utilize legacy systems in point-of-sale (POS) systems for sales transactions.<\/span><\/li>\n<\/ul>\n<ul>\n \t<li><b><\/b><b>Telecommunications:<\/b><span style=\"font-weight: 400;\"> Many telecommunication networks incorporate legacy systems for billing, call routing, and network management.<\/span><\/li>\n<\/ul>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c1e1026 elementor-widget elementor-widget-spacer\" data-id=\"c1e1026\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7d14859 elementor-widget elementor-widget-heading\" data-id=\"7d14859\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Why do We Need to Pay Attention to Legacy Systems Used  by Critical Infrastructure?<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-593d38b elementor-widget elementor-widget-text-editor\" data-id=\"593d38b\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">To put it simply, cyber attackers enjoy targeting\u00a0 legacy systems, as they are easy to exploit\u2014akin to taking candy from a baby! D<\/span><span style=\"font-weight: 400;\">ue to their age and lack of support, legacy systems often harbor critical vulnerabilities that can be exploited by malicious actors. Similarly, end-of-life software, lacking security updates, becomes an attractive target for hackers seeking to exploit known vulnerabilities. For instance, <\/span><span style=\"font-weight: 400;\">Microsoft no longer supports Windows 7 or earlier versions and Apple dropped support for macOS versions prior to macOS 11 (Big Sur), thus putting any company or individual using these versions at risk of attack.<\/span><\/p><p><span style=\"font-weight: 400;\">Additionally, as legacy systems are extensively used across critical infrastructure sectors, such as dams, water treatment systems, power plants, hospitals, and schools, any attack on them can have significant immediate and far-reaching consequences. Furthermore, despite modernization efforts, many legacy systems are vulnerable to inter-system attacks as they lack robust defenses compared to the cloud-based platforms they are linked to, leaving U.S. infrastructure organizations highly susceptible to exploitation.<\/span><\/p><p><span style=\"font-weight: 400;\">In the words of Christopher Wray, Director of the Federal Bureau of Investigation, who reported that Chinese government-linked hackers had breached a large portion of US critical infrastructure, including 23 pipeline operators, \u201c<\/span><b>The fact is, the People\u2019s Republic of China\u2019s targeting of our critical infrastructure is both broad and unrelenting.<\/b><span style=\"font-weight: 400;\">\u201d He also warned that hackers would aim to \u201c<\/span><b>to land low blows against civilian infrastructure to try to induce panic.\u201d<\/b> <a href=\"https:\/\/www.fbi.gov\/news\/stories\/chinese-government-poses-broad-and-unrelenting-threat-to-u-s-critical-infrastructure-fbi-director-says\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">&#8211; Vanderbilt Summit on Modern Conflict and Emerging Threats, Nashville, April 18, 2024<\/span><\/a><\/p><p><span style=\"font-weight: 400;\">A few months ago, the FBI issued a statement warning\u00a0 critical infrastructure entities against potential attacks. Notably, US critical infrastructure has been under a steady series of cyberattacks led by international state-backed hackers from Russia and China.<\/span><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-00560a8 elementor-widget elementor-widget-spacer\" data-id=\"00560a8\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6fb7a87 elementor-widget elementor-widget-heading\" data-id=\"6fb7a87\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Recent Attacks on Critical Infrastructure Facilitated Through Legacy Systems or Unpatched Software<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1ed38cf elementor-widget elementor-widget-text-editor\" data-id=\"1ed38cf\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<table><tbody><tr><td><b>When<\/b><\/td><td><b>Critical Sector<\/b><\/td><td><b>Target<\/b><\/td><td><b>Attacker<\/b><\/td><td><b>Effects<\/b><\/td><\/tr><tr><td>Jan 2024<\/td><td>Water Supply<\/td><td>Muleshoe Water Plant<\/td><td>People&#8217;s Cyber Army of Russia<\/td><td>Town\u2019s drinking water tank overflowed for 30- 45 minutes<\/td><\/tr><tr><td>Jan 2024<\/td><td>Healthcare<\/td><td>Capital Health Hospitals<\/td><td>Lockbit ransomware<\/td><td>Stole 10 million files<\/td><\/tr><tr><td>Jan 2024<\/td><td>Library<\/td><td><a href=\"https:\/\/www.cbsnews.com\/colorado\/news\/douglas-county-libraries-hacked-overseas-criminal-group\/\" target=\"_blank\" rel=\"noopener\">Douglas County Libraries<\/a><\/td><td>Playcrypt (Russian)<\/td><td>All systems down for a\u00a0 week<\/td><\/tr><tr><td>Jan 2024<\/td><td>Water Systems<\/td><td>Veolia Water Systems<\/td><td>Unkown\/Black Basta<\/td><td>Operations for <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/water-services-giant-veolia-north-america-hit-by-ransomware-attack\/\" target=\"_blank\" rel=\"noopener\">416 <\/a>facilities in the US and Canada could have been affected<\/td><\/tr><tr><td>Jan 2024<\/td><td>Energy<\/td><td>Schneider Electric<\/td><td>Cactus Ransomware<\/td><td>Stole data, disrupted cloud platform<\/td><\/tr><tr><td>Feb 2024<\/td><td>Healthcare<\/td><td>Lurie Children&#8217;s Hospital<\/td><td>Rhysida ransomware<\/td><td>Disrupted medical services, phone and email communications. IT systems had to be taken offline, 600 GB of data stolen<\/td><\/tr><tr><td>Feb 2024<\/td><td>Government<\/td><td>California State Worker Union<\/td><td>Lockbit ransomware<\/td><td>Stole 308 Gb of data<\/td><\/tr><tr><td>Feb 2024<\/td><td>Healthcare<\/td><td>UnitedHealth<\/td><td>BlackCat Ransomware<\/td><td>Healthcare billing outage, stole 6TB of data<\/td><\/tr><tr><td>Feb 2024<\/td><td>Healthcare<\/td><td>Change Healthcare<\/td><td>BlackCat ransomware<\/td><td>Network and billing disruptions<\/td><\/tr><tr><td>Feb 2024<\/td><td>Government and Education<\/td><td>CKeditor (14-year old CMS platform)<\/td><td>Unknown<\/td><td><span style=\"font-weight: 400;\">MIT, Purdue, Washington and Columbia Universities and government sites in Virginia and Texas had poisoned search results with malicious sites.<\/span><\/td><\/tr><tr><td>March 2024<\/td><td>Electricity and Water Utility<\/td><td>Muscatine Power and Water<\/td><td>Unknown<\/td><td>36,955 Social security numbers compromised, systems were down for several days<\/td><\/tr><tr><td>March 2024<\/td><td>Education<\/td><td>Pennsylvania\u2019s Scranton School District<\/td><td>Unknown<\/td><td>Widespread technology outages<\/td><\/tr><tr><td>March 2024<\/td><td>Government and Education<\/td><td>Henry County, Illinois<\/td><td>Medusa ransomware<\/td><td>Government systems and colleges affected<\/td><\/tr><tr><td>March 2024<\/td><td>Government<\/td><td>Alabama Government and City of Birmingham<\/td><td>Anonymous Sudan<\/td><td>Service and network issues for several days<\/td><\/tr><tr><td>March 2024<\/td><td>Healthcare<\/td><td>Harvard Pilgrim Healthcare<\/td><td>Unknown<\/td><td>Compromised data of 2.8 million users<\/td><\/tr><tr><td>April 2024<\/td><td>Government<\/td><td>New York City Automated Personnel System, Employee Self Service<\/td><td>Unknown<\/td><td>City payroll had to be taken offline, tax filing disrupted<\/td><\/tr><tr><td>April 2024<\/td><td>Government<\/td><td>Tarrant County Appraisal<\/td><td>Medusa ransomware<\/td><td>218 GB of data stolen<\/td><\/tr><tr><td>April 2024<\/td><td>Healthcare<\/td><td>Group Health Cooperative of South Central Wisconsin<\/td><td>BlackSuit ransomware<\/td><td>Stolen data of 500,000 individuals<\/td><\/tr><tr><td>April 2024<\/td><td>Education<\/td><td>New Mexico Highlands University (NMHU) and East Central University<\/td><td>BlackSuit ransomware<\/td><td><span style=\"font-weight: 400;\">disrupted classes and exposed sensitive student data<\/span><\/td><\/tr><tr><td>April 2024<\/td><td>Finance<\/td><td>D.C. Department of Insurance, Securities and Banking (DISB)<\/td><td>LockBit ransomware<\/td><td><span style=\"font-weight: 400;\">Stole 800GB of data<\/span><\/td><\/tr><\/tbody><\/table>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c57c32e elementor-widget elementor-widget-text-editor\" data-id=\"c57c32e\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">What many organizations fail to understand is the magnitude and scale of the efforts behind each attack. For instance, the Hale County Water Supply system in Alabama had <\/span><a href=\"https:\/\/apnews.com\/article\/texas-muleshoe-water-systems-cyberattacks-russia-5f388bf0d581fc8eb94b1190a7f29c3a\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">37,000 <\/span><\/a><span style=\"font-weight: 400;\">attempts in four days to bypass its firewall. Eventually, their systems had to be taken offline for protection. The MuleShoe Water Plant was simultaneously targeted but failed to intercept the attack. In comparison, the Port of Los Angeles, a large-scale target, was subjected to more than <\/span><a href=\"https:\/\/www.cnbc.com\/2024\/04\/17\/biden-admin-ports-prep-for-cyberattacks-as-us-infrastructure-targeted.html\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">750<\/span><\/a> <span style=\"font-weight: 400;\">million cyber intrusion attempts on 80% of its cranes in 2023.<\/span><\/p><p><span style=\"font-weight: 400;\">In counter measures, the FBI gained control of a ransomware website, LockBit, and shut down their operations for a while, but like every other tech-savvy organization, LockBit rallied and was soon back in cybercrime. As<\/span><a href=\"https:\/\/therecord.media\/pharmaceutical-development-company-investigating-cyber-incident-lockbit\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\"> LockBit\u2019s alleged leader, LockBitSupp<\/span><\/a><span style=\"font-weight: 400;\">, puts it:\u201cI plan to continue working until my death. I don\u2019t have a goal for a year or for five years. My only goal in life is to attack one million companies around the world and go down in human history as the most destructive affiliate program.\u201d<\/span><\/p><p><span style=\"font-weight: 400;\">To combat this level of cyber onslaught and battalion of groups led by\u00a0 single-minded leaders such as LockBitSupp, it is imperative that all organizations\u2014particularly those in critical infrastructure sectors\u2014modernize their legacy systems and adopt cybersecurity managed services\u2014at least, until they are able to upskill their existing personnel and practices. <\/span><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-815dc0d elementor-widget elementor-widget-spacer\" data-id=\"815dc0d\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d2cc77f elementor-widget elementor-widget-heading\" data-id=\"d2cc77f\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">How to Safeguard Legacy Systems from Attacks<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-522427c elementor-widget elementor-widget-text-editor\" data-id=\"522427c\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul>\n \t<li><b>Ensure Basic Cybersecurity Measures: <\/b><span style=\"font-weight: 400;\">\u00a0Implement essential security measures like passkeys, complex passwords, multi-factor authentication, routine backups, updates, and frequent software patches to prevent cyberattacks.<\/span><\/li><\/ul>\n<ul>\n \t<li><b>Use a Modular System:<\/b><span style=\"font-weight: 400;\"> If you have to use legacy systems,<\/span> <span style=\"font-weight: 400;\">segregate them from the main network to prevent widespread compromise during cyberattacks. Employing modular systems will allow you to implement isolated shutdowns and incremental upgrades.<\/span><\/li><\/ul>\n<ul>\n \t<li><b>Regularly Audit All Assets: <\/b><span style=\"font-weight: 400;\">Conduct routine audits of all software and hardware systems and track products approaching their end of life (EOL) or end of support (EOS). Failure to do so can expose systems to exploitation by threat actors.<\/span><\/li><\/ul>\n<ul>\n \t<li><b>Utilize a Multi-Layered Defense: <\/b><span style=\"font-weight: 400;\">Implement a multi-layered security approach that takes into consideration legacy systems. Opt for customized cybersecurity solutions compatible with older systems and use firewalls, intrusion detection and prevention systems, and robust antivirus software.<\/span><\/li><\/ul>\n<ul>\n \t<li><b>Have an Incident Response Plan:<\/b><span style=\"font-weight: 400;\"> An incident response plan establishes clear roles, responsibilities, and procedures to deal with a cyber breach. It helps organizations minimize the impact of incidents, reduce downtime, and safeguard critical assets.\u00a0<\/span><\/li><\/ul>\n<ul>\n \t<li><b>Manage your Attack Surface: <\/b><span style=\"font-weight: 400;\">Having a comprehensive view of an organization\u2019s complete attack surface is crucial for identifying legacy systems and understanding their interconnections across the organization. By utilizing Securin ASM, organizations can monitor their attack surface effectively, identify misconfigurations or vulnerabilities, and prioritize remediation efforts to manage legacy systems effectively.<\/span><\/li>\n<\/ul>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-79b816f elementor-widget elementor-widget-text-editor\" data-id=\"79b816f\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">Ultimately, the goal should be to modernize and replace legacy systems. <\/span><span style=\"font-weight: 400;\">As cyber threats on critical infrastructure escalate, immediate action is imperative.\u00a0<\/span><\/p><p><span style=\"font-weight: 400;\">U.S. state officials and security leaders must prioritize the modernization of legacy systems with comprehensive cybersecurity strategies, including regular penetration testing and vulnerability management. Collaborative initiatives such as the Cybersecurity and Infrastructure Security Agency&#8217;s (CISA) Joint Cyber Defense Collaborative (JCDC) and AI-powered tools are great solutions to rapidly and expansively enhance defense mechanisms. Again, it is essential to select adaptable products that are compatible with legacy systems. Additionally, continuous monitoring, timely patching, and collective efforts towards information sharing are essential to outpace evolving threats and safeguard essential services.<\/span><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-32937c9 elementor-widget elementor-widget-spacer\" data-id=\"32937c9\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<section class=\"elementor-section elementor-inner-section elementor-element elementor-element-72c8cd6 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"72c8cd6\" data-element_type=\"section\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-inner-column elementor-element elementor-element-f4a3b46\" data-id=\"f4a3b46\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-33476cd elementor-widget elementor-widget-text-editor\" data-id=\"33476cd\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<h3 style=\"text-align: center;\">Want to find what legacy systems in you organization are vulnerable?<\/h3><h3 style=\"text-align: center;\"><a href=\"https:\/\/www.securin.io\/attack-surface-management\/#asm-contact\" target=\"_blank\" rel=\"noopener\">Get an ASM demo today!<\/a><\/h3>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Many organizations, especially critical infrastructure, still run on legacy systems, but those systems are prime targets for attackers. <\/p>\n","protected":false},"author":1,"featured_media":21256,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[631],"tags":[],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/posts\/21248"}],"collection":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/comments?post=21248"}],"version-history":[{"count":9,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/posts\/21248\/revisions"}],"predecessor-version":[{"id":21665,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/posts\/21248\/revisions\/21665"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/media\/21256"}],"wp:attachment":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/media?parent=21248"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/categories?post=21248"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/tags?post=21248"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}