Unsupported Software: Avoiding Cybersecurity Risks to your Business

What is Unsupported Software?

Unsupported software is any software in use within an organisation for which the vendor no longer provides support, i.e. updates and technical ‘patches’ or fixes. There are several reasons why an organisation may be using unsupported software. In some instances, an organisation may have no choice but to continue using “legacy” software because there is no readily available alternative and the software is required to support a critical business operation or process. Ideally, an organisation should manage all its software via a software lifecycle roadmap, in which case it will be aware of any known end-of-life date, will already have identified a viable alternative and will have developed a plan to replace that software. Unfortunately, this is not always the case.

Considering the number of software applications that an organisation may be utilising at any one time, it is easy to see how some software might slip through the net and enter an unsupported risk state.  This is especially true of older software that has been performing well and doesn’t appear to pose any risk, or software that has been incorrectly deemed “non-critical”.  However, it is important for an organisation to assess the broader business implications of that software failing in the future.

What are the risks of using Unsupported Software?

The cybersecurity risk of using obsolete or unsupported software is far greater than that of using supported software, and it comes in addition to a higher probability of failure. Software that is not updated can leave vulnerabilities in your systems unfixed, which in turn creates security risk because these vulnerabilities can be identified and exploited.

A survey undertaken by Kaspersky IT Security Economics in 2020 found that 47% of businesses still use some form of unsupported software. What is more concerning is that the survey also reported that businesses with unsupported software have a 65% chance of experiencing a cybersecurity incident, compared to a 29% chance for those that keep their software updated.  The survey also states that the financial cost of a breach, when unsupported software is involved, averaged 50% higher than breaches where this is not the case.

Three colourful pie chart diagrams showing the statistics discussed in the text

Avoiding Cybersecurity Risks caused by Unsupported Software

Some aspects of managing cybersecurity risk are obvious and include strengthening company infrastructure, implementing appropriate user access controls, ensuring all technology assets have anti-virus software, and educating employees to avoid email phishing attempts. However, some risks are less obvious and, in a large organisation where software is widely and variously distributed, could be overlooked; unsupported software is one example.

To avoid the risk of unsupported software, an organisation should proactively manage the life cycle of all the software used throughout the entire business. Implementing a software life cycle management process that documents the organisation’s software inventory is an effective solution. The inventory should contain all pertinent information about each piece of software, including current version, date of renewal and target date for upgrade (or end of life). It is crucial that this software inventory is well managed and maintained; unfortunately, in many organisations this is not the case.
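One way to act on such an inventory is to audit it on a schedule and flag entries that are unsupported, close to end of life, or missing an end-of-life date altogether. The script below is an added example, not part of the original article; the CSV column names, status codes, product names and the 365-day warning window are all assumptions.

```python
import csv
import io
from datetime import date, timedelta

# Constructed sample inventory. Product and column names are assumptions
# made for this example, not taken from any real system.
SAMPLE_INVENTORY = """name,version,renewal_date,end_of_life,replacement
Legacy Authoring Tool,5.0,,2022-12-31,
Payroll Suite,8.4,2025-03-01,2025-09-30,Payroll Suite 9
Warehouse Scanner App,2.0,2024-01-15,2025-08-31,
Label Printer Driver,1.3,,,
CRM Platform,2024.2,2026-06-01,2028-01-31,
"""

def parse_date(text):
    """Return a date for an ISO string; None if blank or unparseable."""
    try:
        return date.fromisoformat((text or "").strip())
    except ValueError:
        return None

def audit_inventory(csv_text, today, warn_days=365):
    """Map each product name to a list of lifecycle findings."""
    report = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        findings = []
        eol = parse_date(row.get("end_of_life"))
        renewal = parse_date(row.get("renewal_date"))
        has_replacement = bool((row.get("replacement") or "").strip())
        if eol is None:
            # No usable end-of-life date: this entry cannot be planned for.
            findings.append("EOL_UNKNOWN")
        elif eol < today:
            findings.append("UNSUPPORTED")
        elif eol - today <= timedelta(days=warn_days):
            findings.append("EOL_APPROACHING")
        # At or near end of life with no alternative identified.
        if eol is not None and findings and not has_replacement:
            findings.append("NO_REPLACEMENT_PLAN")
        # A blank renewal date is allowed (e.g. no contract to renew).
        if renewal is not None and renewal < today:
            findings.append("RENEWAL_OVERDUE")
        report[row["name"]] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit_inventory(SAMPLE_INVENTORY, date(2025, 1, 1)).items():
        print(f"{name}: {', '.join(findings) or 'OK'}")
```

Entries reported as `EOL_UNKNOWN` deserve as much attention as those reported as `UNSUPPORTED`, since they are the ones with no end-of-life date to plan against.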

In this digital age, the rapid pace of technological change makes it a constant challenge for organisations to stay ahead, and it brings relentless risk in terms of cybersecurity as well as overall business risk. Although it is essential that an organisation prioritises the protection of its infrastructure, this alone is not enough to alleviate the risk. To truly address the full scope of risk, organisations need to look deeper to identify hidden weak links, one of which is clearly unsupported software. If left unchecked or ignored, the outcome could be detrimental to the business.

A colourful diagram showing the three stages of the software life cycle management process

Navigating UPK End of Life

Organisations that invested in Oracle User Productivity Kit (UPK) for the development of their learning content may, understandably, be concerned by UPK end of life, as support for the tool was withdrawn in December 2022. After Oracle announced that it was sunsetting UPK, ongoing development was limited to basic patches and service pack releases, and no further updates for browsers or operating systems were issued after 2014. This puts a considerable burden upon an organisation’s IT team, in terms of both security and updates to software on which UPK is dependent.

Should an organisation choose not to replace UPK, in addition to managing the risks associated with unsupported software discussed above, a major consideration is ensuring that they can continue to develop and maintain their learning content, and that their users can still access it. Whilst there is no set date at which point organisations will have to stop using UPK and migrate to a new tool, how often the business upgrades other software that UPK may be reliant upon (crucially for example their internet browser) is a major deciding factor. As other software continues to be developed and updated, UPK may become incompatible. This is an important consideration to ensure that an organisation is prepared for any potential migration of their learning content in the future.

Any learning content an organisation has already developed using UPK is a valuable asset, and the potential cost of losing this when UPK is replaced with an alternative tool must be considered. The good news is that this existing content doesn’t have to be written off. There are Oracle UPK alternatives that offer conversion and migration of existing UPK content. Larmer Brown offers two alternative UPK replacement tools, both of which offer solutions for UPK content migration as well as continued update and maintenance of that content, and enable creation of new learning content for all IT applications.

Larmer Brown has over 30 years of UPK technical and development experience and appreciates how much the tool has to offer, as well as how difficult it could be to replace once it is established within an organisation. Having undertaken extensive investigations into finding a suitable replacement for UPK, we can offer advice on how best to manage UPK end of life and migration to an alternative tool. We can help organisations choose the most suitable UPK Migration Solution, ensuring a fast, simple and cost-effective way to convert existing UPK content.