By Kris Lovejoy, Global Security & Resiliency Leader at Kyndryl
As the global economy becomes more digitized and interconnected, it also becomes increasingly vulnerable to cyberattacks. A recent IDC study found that cyberattacks are costing businesses significant losses of data or money — with 69% of respondents saying their businesses were adversely affected by a cyberattack in the past year. However, many industry leaders and governments are relying on outdated hardware and software to provide essential services around the world. Think of critical infrastructure such as banking, government, healthcare, power grids and water supply.
While legacy technologies can be inefficient and costly to maintain, aging assets also leave organizations prone to cyberattacks. In fact, the longer legacy technologies linger, the more cybersecurity risks increase. That’s why it is important for technology leaders to adopt a strong cyber resilience posture.
Here are three challenges — and recommended actions — organizations should consider when it comes to their legacy technologies and implementing a stable cyber resilience strategy.
Challenge #1: Inviting unnecessary risk
Recent technology investments have allowed for changes in how and where people work. But to rapidly adjust to the virtual office, organizations made speedy decisions — some moved to the cloud with an unstructured approach. They adopted more tools and quick fixes that bogged down already complex IT estates, adding to technical debt. Meanwhile, legacy technologies were left untouched.
Relying on — and building on — outdated infrastructure exposes organizations to unnecessary risk. When new options hit the market, older technologies are retired; critical updates like security patches are no longer provided. Yet many organizations continue to depend on these end-of-life and end-of-service assets.
Action to take
Organizations must first define and identify legacy technology assets. From there, it is important to understand how these technologies relate to critical business processes and consider the maximum downtime they can withstand. Some disruption now will likely pay off down the line. And future gains must similarly be prioritized over short-term economic pressures.
By updating legacy technologies, organizations can realize long-term financial benefits, enable innovation and ensure cyber resiliency.
Challenge #2: Ignoring legacy technology
Organizations that avoid confronting legacy technologies may need to quickly catch up as governments encourage modernizations of IT. Media reports say the European Central Bank is stress testing the region’s financial institutions, and public organizations in the EU and U.S. must soon comply with new cybersecurity regulations. As boards and security leaders define their priorities, modernizing legacy technologies can help them achieve compliance and advance their risk management strategies.
Action to take
Organizations should stay on track with hardware refresh cycles — a top priority as hardware failures are one of the most common sources of disruption. Organizations should also enforce strict patching policies to ensure software updates and implement regular mainframe health checks. Similarly, broader mainframe modernization efforts can enable organizations to become more agile — many are adopting a hybrid approach to modernization.
Challenge #3: Closing the skills gap with legacy programming knowledge
Outdated technologies tend to rely on older programming languages, which can hinder IT modernization efforts and slow innovation as the mainframe skills gap widens. It is a major challenge to find and hire people who know legacy programming languages. For example, a Kyndryl survey found that 56% of companies were concerned that new hires did not have enough mainframe skills and 47% had concerns that staff with mainframe expertise are retiring.
Action to take
 
Organizations can proactively ask remaining legacy programming developers when they plan to retire and gauge if any other developers at the organization would be willing to learn these languages. The organization could use this information to make better decisions on timelines for mainframe modernization. It’s also important to choose experienced managed service providers that can help bridge the skills gap.
By identifying and updating legacy technologies, organizations can realize long-term financial benefits, enable innovation and ensure cyber resiliency — the ability to anticipate, protect against, withstand and recover from adverse events. The work can’t start too soon.
For more, read Kyndryl’s new position paper, Cyber Resiliency and Legacy Asset Modernization.