Issues are also common after acquisitions and mergers, when hardware limitations may prevent using the latest software on acquired technology. There is a tendency in such situations to just leave what’s working as it is, even if the software is old and vulnerable. This should be a sign that new hardware needs to be purchased, or that a migration to a different provider is needed. When neither is possible, the recommendation is to at least isolate older versions in a separate environment with security controls that reduce exposure, ensuring a threat actor can’t just jump to other systems.
“Occasionally, vendors will provide post-end-of-life security updates, as Microsoft did for WannaCry. These are rare but very urgent, and generally signal scenarios where millions of devices are at risk of major catastrophe. Never count on getting post-end-of-life security updates, but if you do receive one, take it very seriously.”
Brandon Welch, Cyber Services Team Leader - West
Los Angeles, CA
The information set forth in this document is intended as general risk management information. It is made available with the understanding that Beazley does not render legal services or advice. It should not be construed or relied upon as legal advice and is not intended as a substitute for consultation with counsel. Beazley has not examined and/or had access to any particular circumstances, needs, contracts and/or operations of any party having access to this document. There may be specific issues under applicable law, or related to the particular circumstances of your contracts or operations, for which you may wish the assistance of counsel. Although reasonable care has been taken in preparing the information set forth in this document, Beazley accepts no responsibility for any errors it may contain or for any losses allegedly attributable to this information.