Aging digital infrastructure Hardware such as routers, network switches, and network storage have long been a quiet risk for organizations. In the tiny term, it’s cheaper and easier to just leave those boxes in a forgotten closet. However, this infrastructure may have archaic, insecure configurations, and vendors often no longer support older technologies for software patching and other security features. As generative AI platforms make it easier for attackers to find and exploit vulnerabilities in target systems, networking technology company Cisco is launching an effort to raise awareness of the issue and promote improvements – both for legacy Cisco devices and third-party products still in operate.
Dubbed “Resilient Infrastructure.” initiative includes research and industry coverage, as well as technical changes in the way Cisco manages its own legacy products. The company says it publishes novel warnings for its end-of-life products, so if customers are using or trying to add known insecure configurations, they will receive a clear and conspicuous prompt when updating their device. Eventually, Cisco will go a step further and completely remove historical settings and interoperability options that are no longer considered secure.
“Infrastructure around the world is aging, and that creates enormous risks,” says Anthony Grieco, director of security and trust at Cisco. “We must note that this aging infrastructure was not designed for today’s threat environments. And by not updating it, it creates opportunities for adversaries.”
The study, conducted for Cisco by British consulting firm WPI Strategy, examined the prevalence and impact of end-of-life technologies in the “national critical infrastructure” of five countries: the United States, the United Kingdom, Germany, France and Japan. The test found that the UK (followed closely by the US) faces the group’s highest relative risk from the widespread operate of archaic, legacy technologies in key sectors. Japan had the lowest relative risk, the report said, thanks to a greater emphasis on consistent modernization, decentralization of critical infrastructure and “a stronger, more coherent national focus on digital resilience.”
Overall, the study also highlighted that in breaches and other cybersecurity incidents around the world, attackers regularly exploit known vulnerabilities that can be avoided by patching or upgrading retired technology.
“Maintaining the status quo isn’t free—in fact, it comes with costs that are simply not being accounted for,” says Eric Wenger, senior director of technology policy at Cisco. “If we can help raise that risk to a level that is treated as a board-level concern, hopefully that will help highlight the importance of making the investment here.” He adds that as an industry, “we don’t make it hard enough for attackers.”