When companies think of the insider threat, their thoughts will usually go to people inside the firewall who are the cause of data breaches or security lapses. This can be either intentional or accidental, and both should be of equal concern and can be equally damaging.
Most companies, especially those concerned with the insider threat will have measures in place to try to mitigate and minimise these risks. Ensuring employee’s update passwords, store USB drives securely and have a good understanding of system security.
The insider threat from legacy technology is however, too often overlooked.
The risk of legacy systems
With companies, especially insurers, spending so much on their technology it is perhaps understandable that they are reluctant to maintain this investment through updates and replacements year on year. When you know replacing a system is going to be extremely costly it becomes a much less attractive proposition. This is a dangerous trap though.
With each year that the system ages, it is another year out-of-date with current security threats, both internal and external. As systems and technologies evolve, so do the threats to those systems and many of the systems that companies rely on are simply not up to the task.
The growing skills gap
As systems age and get more out of date every year, so do the skills available within the company. Increasingly, companies are finding that those who implemented the systems, and maintained them are approaching retiring age or have left the company already. This leaves a worrying skills gap – companies are relying on aged systems that no one has the skills to upgrade or maintain.
It is a tough sell to convince new employee’s to learn and take on out-of-date code and technology as well, meaning the solutions are rather limited.
The risks here a real. You can spend millions of pounds securing your network but if it relies on an out-of-date system that is not being properly updated and maintained because no one knows how, access points will undoubtedly appear.
How to minimise the risk of legacy systems
A data security audit
This will give you an idea of where your data is stored, and how securely, and whether any legacy systems are affecting this. This is particularly crucial in the run up to GDPR going live next year.
Health check or IT audit
If you want to fully understand the vulnerabilities of your systems, then a health check is a relatively low cost way of doing so. This will also provide you with appropriate next steps to remedy any glaring issues.
Business Process Mapping (BPM)
This will help to identify any weaknesses or inefficiencies in your wider processes. Eliminating these helps to reduce the risk of legacy systems by keeping things as simple as possible, where there is less chance for things to go wrong.
If legacy systems continue to remain in place, with no checking and little to no maintenance, they present as much of an insider threat as rogue or careless employees do. The insurance industry, as do others, need to take note and start to properly assess the extent of the problems they face.
For more information on managing your legacy systems, ring for a free consultation on 020 7127 4558.
Alternatively, talk to us today, we’d love to hear from you.
