Summary (Part 7 of 7: Mitigating Risks of Unsupported Operating Systems)
In this blog series, I explained the five actions your organization can take now to ensure its cybersecurity and address the risk of having unsupported software. These five actions work together to protect your organization from cyber attacks when it chooses to keep unsupported software on its network.
In the wake of WannaCry--a ransomware campaign that targeted Windows operating systems--organizations running unsupported software were unable to deploy the patches Microsoft released to neutralize the attack. More ransomware campaigns and cyber attacks will happen; we just don't know what they'll be or what they'll target.
Having unsupported software limits your ability to apply fixes and patches that vendors supply. Keeping unsupported software increases your risk of attacks that might cripple your organization. You can reduce your organization's exposure to risk by
- defining your risk tolerance
- managing your software inventory
- upgrading, replacing, or retiring unsupported software
- establishing and maintaining whitelists
- creating and enforcing a policy to manage unsupported software
For more information about risk and resilience in your organization, see https://www.sei.cmu.edu/research-capabilities/all-work/display.cfm?customel_datapageid_4050=20128, or contact me at info@sei.cmu.edu.