In this blog series, I explained the five actions your organization can take now to ensure its cybersecurity and address the risk of having unsupported software. These five actions work together to protect your organization from cyber attacks when it chooses to keep unsupported software on its network.

In the wake of WannaCry--a ransomware campaign that targeted Windows operating systems--organizations running unsupported software were unable to deploy the patches Microsoft released to neutralize the attack. More ransomware campaigns and cyber attacks will happen; we just don't know what they'll be or what they'll target.

Having unsupported software limits your ability to apply fixes and patches that vendors supply. Keeping unsupported software increases your risk of attacks that might cripple your organization. You can reduce your organization's exposure to risk by

1. defining your risk tolerance
2. managing your software inventory
3. upgrading, replacing, or retiring unsupported software
4. establishing and maintaining whitelists
5. creating and enforcing a policy to manage unsupported software

For more information about risk and resilience in your organization, see https://www.sei.cmu.edu/research-capabilities/all-work/display.cfm?customel_datapageid_4050=20128, or contact me at info@sei.cmu.edu.