Being Proactive and Not Waiting Until the Last Minute (to Update Server 2012)

Imagine a peaceful residential neighborhood. For someone who intends to steal personal and household belongings, this neighborhood contains exactly what they’re looking for. How does the thief pick the house that will be their next victim? It’s the one that’s discovered to be unlocked as the thief goes through the neighborhood, testing back door handles to see which one is unsecured.

This is similar to the way that cybercriminals operate when they’re looking for holes in software to exploit.

New vulnerabilities in software are found all the time by both cyber attackers and software developers. These good guys and bad guys play a continual game of cat and mouse as software holes are discovered, and developers create patches to close them.

Bad Guys Anticipating Microsoft Server 2012 End of Support

The game changes when software goes out of support, and the bad guys can hardly wait for Server 2012 to go end of life later this year. When Microsoft stops supporting the Server 2012 operating system, vulnerabilities will continue to be found, but there will be no one to shut them down anymore. Cybercriminals are eagerly anticipating this time because they know that there will be plenty of unprotected servers to exploit.

Here at VC3/VC3, we’ve been talking about the upcoming end of support for Microsoft Server 2012 with clients for a good 18 months or so. We’ve been working vigilantly to upgrade companies so that they won’t be exposed to the risk of outdated software.

Opportunity or Merely Expense?

Certainly, there’s going to be some expense related to moving away from Server 2012. Whether it’s replacing onsite servers or going to the cloud, there’s an IT project involved that takes planning and labor to implement it.

Some companies see this situation as an opportunity. For example, we have one client who replaced their servers with web-based applications and totally eliminated the need for onsite servers.

Other companies drag their feet on getting their server replacement project in motion because they think it’s going to be a big disruption, and it certainly could be, depending on the situation. For some businesses, upgrading their servers causes a ripple effect that makes the project bigger than just new servers. Replacement of software, databases, and connected equipment may also be required.

Having up-to-date software and hardware is a proactive cyber security best practice that isn’t going to go out of date in the foreseeable future. What’s more, there’s a teachable moment here that helps us to illustrate what it really means to be proactive.

The Importance of Timing

Being proactive doesn’t mean acting at the last minute. Waiting to act may bring up additional hardships that unexpectedly add more costs or risk. When you look at the calendar, it may look like you have plenty of time, but there could be supply chain issues or labor shortages. You never know what might happen.

Fortunately, we’re not totally reliant on the hardware supply chain. We have the flexibility to go to the cloud and look at some other options besides replacing onsite servers with onsite servers. Even with cloud computing, however, it could take a few months to get everything in place, plus labor shortages will happen.

That Feeling When You Know You’re Vulnerable

We’re at the last minute right now with Microsoft Server 2012. If it were me and I was living with Server 2012 past end-of-support, this is how I’d feel. It’d be like sitting on a plane on my way to a wonderful vacation for two weeks when I suddenly remember that no one locked the back door of the house… or the front door or the windows, and everything was going to be wide open until I returned. That’s a gut-wrenching feeling I’d prefer not to have.