As Firms Delay Replacing Old Hardware That Makes Them Vulnerable to Cyber Attacks, NSA Says New Legislation Is Needed

As US firms drag their feet on essential updates to reduce cyberattacks, an NSA official recently came out to say that more laws are needed to enforce these necessary updates to gear and software. You can read more here. Cyber attacks in the US are a growing epidemic affecting all industries and all business sizes. They spare no one in whom they target. Many cyber attacks are also preventable. Cyberattacks prey on known vulnerabilities within organizations to find “back door” entrances to infiltrate organizations. Many of these backdoor vulnerabilities can be solved by replacing old computer gear and/or applying necessary patches to older software. Much of this can be achieved with a qualified outside managed IT security team (like PK Tech).

If it’s a relatively easy fix, why aren’t more organizations doing it? Simple answer: cost. Updating computing gear, hiring a qualified managed IT services team, investing in software updates — it’s all a financial investment. Many would argue the investment is more than worth it when looking at the stats on costs to hacked organizations, but many organizations still maintain a short-sighted view of the situation. Spending money today is not something they’re interested in, especially after many industries suffered financial hardship during the Covid-19 pandemic. This is why NSA officials say the only answer may be new laws that require such fixes, given it’s no longer working to ‘hope’ that organizations will act responsibly. Given that the ransomware crisis affects the nation as a whole, national laws may be the only answer.

Experts call it “historical tech debt” and name it as the most significant problem holding us back in the fight against cyber attacks. What is historical tech debt? Essentially, it means old computers and software that have not been updated with the most recent patches against cyber attackers. The ‘debt’ or lack of updates is what cyber attackers prey on. To close the vulnerability loop at many organizations, an investment must be made to track, follow and upgrade gear and software as necessary. In a sense, if you’re not investing in staying one step ahead of cyber attacks, you are vulnerable to an attack. 

NSA officials equate the need for laws in this arena to laws in the automobile industry. Features like airbags, emission standards, and seatbelts seem evident to us now. But there was a time when government standards and laws had to be created to mandate those changes. The same could apply to IT security. Without proper legislation, we cannot count on all organizations to do the right thing to fight against ransomware.

What will these laws look like? Whom will they affect? How will they be enforced? All of these questions remain to be seen. As always, we at PK Tech pride ourselves on staying at the forefront of these discussions and look forward to updating our clients and followers as IT security regulations increase. Contact us here if you have questions about how changes may affect your organization.