Trend Micro: Patching Legacy Systems Is Easier Said Than Done

WannaCry’s spread and the havoc the ransomware wrought has been laid firmly at the doorstep of legacy systems.

But there is an argument that in the case of the NHS, old software is embedded at the heart of expensive medical systems with long working life expectancy, making patching and updating operating systems and software a much more daunting task than following a digital transformation doctrine.

At Silicon‘s stand in Infosecurity 2017. Simon Edwards, cyber security architect at Trend Micro, explained that cyber security in large organisations such as the NHS, use machine with embedded systems that they cannot patch as the ownership of the computer at the core of a machine lies with the vendor not the user.

Languishing in legacy

“The NHS took a lot of criticism because of unpatched systems and things like that and it’s something we’ve been picking up for the last 12 to 18 months now, which is a lot of these systems they can’t patch,” said Edwards.

“So if you think about it, [hospitals] go an spend a million pounds on an MRI scanner or a blood analysis system and in the middle of this is a computer but obviously the scanner is the important bit, and the hospitals don’t own that PC that’s sitting at the core part of it, the vendors; whoever supplied the MRI scanner.

“And so it falls out of the scope of their [the hospital’s] security policy so they couldn’t patch it and the vendor won’t patch it because the MRI scanner will probably stop working, so what we end up with is a whole bunch of legacy systems that nobody can do anything about,”

Edwards explained that Trend Micro works with organisations to combat this with a virtual patching system, but the scale of legacy systems, notably in the public sector, is a significant challenge to overcome.

For the full interview check out the video above.

There was plenty more going on at the Silicon stand, with interviews with Symantec on IT integration and security, and a chat with Darktrace on IoT insider security threats.

Quiz: What do you know about cyber security in 2017?

Roland Moore-Colyer

As News Editor of Silicon UK, Roland keeps a keen eye on the daily tech news coverage for the site, while also focusing on stories around cyber security, public sector IT, innovation, AI, and gadgets.

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago