Summary (Part 7 of 7: Mitigating Risks of Unsupported Operating Systems)
In this blog series, I explained the five actions your organization can take now to ensure its cybersecurity and address the risk of having unsupported software. These five actions work together to protect your organization from cyber attacks when it chooses to keep unsupported software on its network.
In the wake of WannaCry, a ransomware campaign that targeted Windows operating systems, organizations running unsupported software were unable to deploy the patches Microsoft released to neutralize the attack. More ransomware campaigns and cyber attacks will happen; we just don't know what they'll be or what they'll target.
Having unsupported software limits your ability to apply fixes and patches that vendors supply. Keeping unsupported software increases your risk of attacks that might cripple your organization. You can reduce your organization's exposure to risk by
- defining your risk tolerance
- managing your software inventory
- upgrading, replacing, or retiring unsupported software
- establishing and maintaining whitelists
- creating and enforcing a policy to manage unsupported software
For more information about risk and resilience in your organization, see https://www.sei.cmu.edu/research-capabilities/all-work/display.cfm?customel_datapageid_4050=20128, or contact me at email@example.com.