With the Rise of AI, Cisco Sounds an Urgent Alarm About the Risks of Aging Tech
Aging digital infrastructure Equipment such as routers, network switches, and network-attached storage have long represented a silent risk to organizations. In the short term, it’s cheaper and easier to leave these boxes lying around in a forgotten cupboard. But this infrastructure may have old and insecure configurations, and existing technologies are often no longer supported by vendors for software patches and other protections. As generative AI platforms make it easier for attackers to find and exploit vulnerabilities in target systems, networking technology company Cisco is launching an effort to raise awareness of the issue and promote improvements, both for older Cisco devices and for products from other companies that are still in use.
Dubbed “Resilient Infrastructure,” the initiative includes research and industry outreach as well as technical changes to the way Cisco manages its own existing products. The company says it is issuing new warnings for its products that are nearing their end of life. So, if customers run known insecure configurations or attempt to add them, they will receive a clear and explicit prompt when updating a device. Eventually, Cisco will go even further by completely removing historical settings and interoperability options that are no longer considered secure.
“The world’s infrastructure is aging, which creates many risks,” said Anthony Grieco, Cisco’s chief security and trust officer. “What we need to make clear is that this aging infrastructure was not designed for today’s threat environments. And by not updating it, it creates opportunities for adversaries.”
A study conducted for Cisco by British consultancy WPI Strategy examined the prevalence and impact of end-of-life technologies in “national critical infrastructure” in five countries: the United States, the United Kingdom, Germany, France and Japan. The study reveals that the UK (closely followed by the US) faces the greatest relative risk of the group due to the widespread use of old and obsolete technologies in key sectors. Japan had the lowest relative risk – thanks, the report said, to a greater emphasis on consistent upgrades, decentralization of critical infrastructure and “a stronger and more consistent national focus on digital resilience”.
Overall, the study also highlights that breaches and other cybersecurity incidents around the world regularly involve attackers exploiting known vulnerabilities that could be avoided by patching or upgrading end-of-life technology.
“The status quo isn’t free—it actually has a cost, but it’s just not taken into account,” says Eric Wenger, Cisco’s senior director of technology policy. “If we can help elevate this risk to a concern addressed at board level, we hope it will help highlight the importance of investing here.” As an industry, he adds, “we’re not making it difficult enough for attackers.”
