Using systems beyond End-of-Life is a significant cyber risk.
Almost everyone who has been or is in a role with responsibility for IT has been in a situation where devices or operating systems had reached their end-of-life, but there were logical explanations why it would make sense to keep using them. Other priorities, budget restrictions, or even the consideration that the technology was still working great and there was no valid reason to replace perfectly fine working technology. And there are of course many situations in which it was considered a very bad idea to keep using technology beyond end-of-life but the decision to do so was made higher up the chain of hierarchy.
End-of-life technology means that for example the risks of failure will increase rapidly, and the availability of spare parts and service is no longer guaranteed. Compatibility issues could also become a problem. But there is a far more important reason to not use technology beyond the end-of-life point. Vendors and suppliers stop providing security updates for technology that has reached its end-of-life.
Every organization should have full insight into the lifecycle of all technology they use, including at which point in time the suppliers will stop providing updates and patches, and phaseout tech once this end-of-life is reached. This is especially crucial for Manufacturing and Industry! Using systems beyond End-of-Life is a significant cyber risk.
Dr. ir Johannes Drooghaag – CEO Spearhead Management