April 08, 2021

The security risk of end of life hardware

Richard Dornhart
National Practice Manager - Security at Data#3
Connect
Some things last forever, others are superseded by more improved models. The latter is particularly true in the fast-paced world of technology. As a result, hardware eventually reaches end of life (EOL) – the end of its manufacturing lifespan, and sooner or later it must be retired. Upgrading to the shinier new model brings plenty of benefits but this shouldn’t overshadow the more serious implications that stem from an EOL hardware announcement.

When devices reach EOL status, the support provided by vendors is eliminated. This usually means no more tech support, hardware repairs or firmware updates. It doesn’t render your hardware immediately useless, but neglecting your device’s EOL dates can lead to a situation where you’re adding yet another security risk to the business.

The vulnerability of connected EOL devices

When vendors close the support door on old operating systems and hardware, the gate is opened for cybercriminals. Consider connected devices, such as an IP camera, a video conferencing system or an old switch or router. Each have their own operating system and without software patches and security updates, cybercriminals can take advantage of dated operating systems to gain access. This can have dangerous consequences. One of the most damaging cybersecurity incidents involving ransomware in an operating system was the ever-familiar 2017 WannaCry outbreak – which has been estimated to cause $4 billion in losses across the globe1. Of the approximately 230,000 computers infected globally, 98% were reportedly running an unpatched version of Windows 72. It’s not just unpatched software that puts an organisation at risk, connected devices have already proven to present real danger, even before they reach EOL. More recently, a breach of cloud-based security cameras at Verkada saw hackers gain access to security-camera data including footage in Tesla factories and warehouses, as well as hospitals, companies, police departments, prisons and schools. The hacker-collective behind the massive breach of hardware claimed they wanted to demonstrate the pervasiveness of video surveillance, but also how easy it is to hack these systems and expose sensitive and private footage3. To that end, we can agree they were successful! Simply put, when hardware reaches EOL, you’re putting your environment at considerable risk by not upgrading:

  • At risk data: The number one risk of EOL hardware is vulnerability. A security flaw in an EOL device can be a minefield of security hazards because breaches don’t just affect that device. If a device is unpatched and has network access, it takes just one successful attack to have major impact and consequences.
  • The cost of maintenance: EOL doesn’t just mean no more patches and upgrades, it may mean parts or accessories are no longer produced. This creates headaches for IT when it comes to sourcing scarce parts that are either difficult or impossible to obtain, or often costly.
  • Business productivity: Ageing hardware is unreliable and fails much more often than newer hardware, making it far more likely to contribute to moments of downtime that will continue to drain workplace productivity and frustrate users.
  • Legal ramifications: For organisations that handle sensitive customer data – health and government, for example – the security dangers of EOL devices is escalated. For these organisations, failing to protect your data in line with compliance and regulatory standards could result in significant fines and legal consequences.

The great attack on collaboration tools

When we talk about EOL hardware, we’re also referring to collaboration devices and tools. We saw adoption of these solutions surge throughout 2020, with hackers just as quickly adding these to their hit list. In fact, an Interpol report found that two-thirds of companies have been attacked via their own collaboration tools in just 12 months4. As workplaces begin to reopen and employees step back into the office, collaboration devices and tools will need to be put under the microscope to ensure they are up to date and protected. If they’re reaching EOL, a refresh is likely in order. The good news is, these new and emerging security concerns are being addressed in the latest collaboration tools with many now including advanced features that may be missing from your EOL collaboration hardware, such as:

  • Improved standards-based zero-trust encryption
  • Data loss prevention (DLP) capabilities
  • Encryption and secure identity capabilities
  • Enhanced troubleshooting, analytics and granular policy additions.

EOL hardware poses many risks to your organisation and could end up impacting your bottom line in many unforeseen ways. However, it doesn’t have to spell disaster. By understanding the risks associated with your dated hardware, you’ll be one step closer to removing those vulnerabilities and protecting your organisation.

Is it time to evaluate and upgrade your in-office setup?

After a year like last, office buildings were missing people and meeting room hardware was left idle.  It could be time to update vulnerable end of life hardware. Protect your network and bring your employees back to office with the power, ease and safety of the Cisco Webex Desk Series collaboration devices. Or ‘try before you buy’ with a free 90-day trial on all Cisco Webex devices.

Why Data#3 and Cisco?

As a Gold Certified Cisco Partner and Cisco Master Collaboration Partner, Data#3 combines consulting, technical expertise and Cisco market-leading technology to help Data#3 customers securely navigate the complexity of the new digital era.

Contact a Data#3 Cisco Specialist

  1 Cisco (2018). Annual Cybersecurity Report. [Online] Available at: https://www.cisco.com/c/m/en_au/products/security/offers/annual-cybersecurity-report-2017.html 2 The Verge, (2017). Almost all WannaCry victims were running Windows 7 [ONLINE]. Available here. 3 The Washington Post, (2021). Massive camera hack exposes the growing reach and intimacy of American surveillance [ONLINE]. Available here. 4Interpol, (2020). INTERPOL report shows alarming rate of cyberattacks during COVID-19 [ONLINE]. Available here.