A new study has revealed that the majority of companies are using vulnerable networking devices that are no longer being supported by the vendors. The number of companies using such devices has increased by 13% from 2015.
The analysis was performed by Softchoice, a leading IT solutions and managed services provider from the United States. For the study, the networking equipment at more than 350 companies in the United States was analysed, including more than 212,000 Cisco networking devices. The study revealed that 73% of organizations are using at least one networking device that is no longer supported by the manufacturer. These vulnerable networking devices are a weak point that could be exploited by hackers.
Furthermore, many devices are being used that are no longer sold by manufacturers. According to the report, 96% of companies are using end-of-sale devices. While these devices are still being supported, their lifespan is limited. 23% of all devices assessed were no longer being sold. In 2015, the figure was 28%. However, in 2015, when the study was last conducted, 4% of networking devices were end of sale. This year the figure has risen to 6%.
Many organizations are failing to conduct regular checks of their networking equipment to find out if all devices are still supported and whether they are approaching end-of-life. According to David Vigna, Cisco practice director at Softchoice, “If something isn’t having an issue, we tend to forget about it,” Vigna went on to say, “If there isn’t pain, there isn’t a reason to change a lot at companies.”
Unsupported and aging devices pose a big risk to organizations if they are on the perimeter of a network where they can be easily attacked. However, even when devices are protected by a firewall they are not immune to attack. The priority must be replacing perimeter devices, but internal devices should not be ignored.
A typical networking device has a lifespan of between 2-5 years according to Vigna, after which it will no longer be supported. “End-of-support devices that remain on a network too long increase the risk of potential breaches, outages and higher replacement expenses.” Organizations therefore need to plan to replace devices more regularly if they are to maintain a robust security posture, and not wait until they experience device failures before upgrading the equipment.