Government institutions have the largest number of Information Technology devices that are old or obsolete, which may have consequences for the information security with which they operate and the ability to update and modernize information systems.
Six out of 10 devices within the public sector on a global scale are old or obsolete, according to the Global Network Insights Report 2020 of the technology company NTT, which is based on the analysis of the life cycle, maintenance and vulnerabilities of more 800,000 devices in five regions (America, Asia Pacific, Australia, Europe, and the Middle East and Africa), where Latin American countries are included as Mexico.
Government works with junk
Old devices are those whose software has not been updated to protect them from the latest vulnerabilities published by developers, while obsolete devices correspond to those technologies that, due to their age, can no longer be migrated in a process of modernization of the infrastructure.
“Typically, a technological team has a life cycle of between three and five years and, ideally, at the end of that life cycle it is replaced or at least updated. In several government entities it is possible to see that the life cycle is about to end or has already expired, “said Armando González, director of Solutions and Technology at NTT Mexico.
González gave the example of Petróleos Mexicanos (Pemex), which last November was the victim of a ransomware attack that, according to the company itself, affected 5% of its computer equipment.
According to the executive, within the manufacturing sector, companies operate through silos that are typically intended to handle a single activity. Many of these silos maintain a flat network architecture, that is, a single hierarchy network. The contact of this network, integrated in most cases by devices between 10 and 15 years old, with the company’s Information Technology network makes all the infrastructure vulnerable.
“Those types of companies in which the production lines converge with the IT part become very vulnerable. In the case of Pemex, as it is a large company in the manufacturing sector, specifically oil and gas, it is most likely that they work with silos and are not prepared to modernize their infrastructure, ”he said.
Three months after the cyber attack on Pemex, on February 23, the Ministry of the Economy suspended the procedures it carries out because it also suffered a cyber attack.
Among the consequences that obsolescence and aging of IT devices – a computer, a router or a server – can have, González lists the inability to have new device functionality through updating; the inability to automate IT infrastructure and even the use of equipment for which manufacturers have discontinued technical support.
“You can suffer an attack; stop operating due to lack of support and even stop a digitization or transformation, security or data strategy, ”he said.
NTT is a Japanese-born company born in 1953 as a telecommunications company. To date, it has become a holding company for companies dedicated to information technologies, cybersecurity, networks and data analysis.