When devices reach EOL status, the support provided by vendors is eliminated. This usually means no more tech support, hardware repairs or firmware updates. It doesn’t render your hardware immediately useless, but neglecting your device’s EOL dates can lead to a situation where you’re adding yet another security risk to the business.
When vendors close the support door on old operating systems and hardware, the gate is opened for cybercriminals. Consider connected devices, such as an IP camera, a video conferencing system or an old switch or router. Each have their own operating system and without software patches and security updates, cybercriminals can take advantage of dated operating systems to gain access. This can have dangerous consequences. One of the most damaging cybersecurity incidents involving ransomware in an operating system was the ever-familiar 2017 WannaCry outbreak – which has been estimated to cause $4 billion in losses across the globe1. Of the approximately 230,000 computers infected globally, 98% were reportedly running an unpatched version of Windows 72. It’s not just unpatched software that puts an organisation at risk, connected devices have already proven to present real danger, even before they reach EOL. More recently, a breach of cloud-based security cameras at Verkada saw hackers gain access to security-camera data including footage in Tesla factories and warehouses, as well as hospitals, companies, police departments, prisons and schools. The hacker-collective behind the massive breach of hardware claimed they wanted to demonstrate the pervasiveness of video surveillance, but also how easy it is to hack these systems and expose sensitive and private footage3. To that end, we can agree they were successful! Simply put, when hardware reaches EOL, you’re putting your environment at considerable risk by not upgrading:
When we talk about EOL hardware, we’re also referring to collaboration devices and tools. We saw adoption of these solutions surge throughout 2020, with hackers just as quickly adding these to their hit list. In fact, an Interpol report found that two-thirds of companies have been attacked via their own collaboration tools in just 12 months4. As workplaces begin to reopen and employees step back into the office, collaboration devices and tools will need to be put under the microscope to ensure they are up to date and protected. If they’re reaching EOL, a refresh is likely in order. The good news is, these new and emerging security concerns are being addressed in the latest collaboration tools with many now including advanced features that may be missing from your EOL collaboration hardware, such as:
EOL hardware poses many risks to your organisation and could end up impacting your bottom line in many unforeseen ways. However, it doesn’t have to spell disaster. By understanding the risks associated with your dated hardware, you’ll be one step closer to removing those vulnerabilities and protecting your organisation.
After a year like last, office buildings were missing people and meeting room hardware was left idle. It could be time to update vulnerable end of life hardware. Protect your network and bring your employees back to office with the power, ease and safety of the Cisco Webex Desk Series collaboration devices. Or ‘try before you buy’ with a free 90-day trial on all Cisco Webex devices.
As a Gold Certified Cisco Partner and Cisco Master Collaboration Partner, Data#3 combines consulting, technical expertise and Cisco market-leading technology to help Data#3 customers securely navigate the complexity of the new digital era.
1 Cisco (2018). Annual Cybersecurity Report. [Online] Available at: https://www.cisco.com/c/m/en_au/products/security/offers/annual-cybersecurity-report-2017.html 2 The Verge, (2017). Almost all WannaCry victims were running Windows 7 [ONLINE]. Available here. 3 The Washington Post, (2021). Massive camera hack exposes the growing reach and intimacy of American surveillance [ONLINE]. Available here. 4Interpol, (2020). INTERPOL report shows alarming rate of cyberattacks during COVID-19 [ONLINE]. Available here.