Language change icon for desktop
English  |  Dutch  |  French

What WannaCry Can Teach Businesses about Legacy Technology

Authored by: Silvano Stagni and Team

The recent WannaCry Ransomware cyber-attacks have highlighted the vulnerability of legacy technology, data and operations to malicious business attacks, raising this as a key risk for financial services firms. Similarly, the Financial Conduct Authority (FCA) 2017 mission published in April also highlights the systemic and technical risks that derive from the continuous use of old technology as a priority area of intervention.

Why did “legacy” become such a big deal? What can be done about it at a time when a large share of the Information Technology (IT) budget, resources, and efforts are aimed at managing regulatory change? To answer these questions, we need to look at what makes these systems vulnerable and why.

Some areas of the financial industry are constantly embracing new technology, using people with extensive systems and workflow experience. The tail-end of the technology lifecycle management is often neglected. Managing the upgrade (or the update or, indeed, the demise) of an old system must include maintaining a robust control model (e.g. performing updates check each quarter) to identify and remediate points of vulnerability and to understand how they apply across the technology ecosystem.

Few systems exist in complete isolation. Any change, however small, to the corporate IT landscape may affect an old system. If the system is poorly documented, it will take longer than expected to implement any change. The worst-case scenario may result in unplanned investment in time, effort, and money. Any system downtime has the potential to result in reputational risk, a sudden and urgent need to source costly resources to re-establish the service, or a high-priority requirement that can block resources from being used elsewhere.



Enter your details to download this article for free.

Enter the characters shown in the image.


Synechron, Inc. and/or its affiliates and group companies takes your privacy seriously. By providing your information, you are signing up to receive information about Synechron services and related marketing. Your personal data will be protected in accordance with Synechron's Privacy Policy. By filling out this form, you are giving Synechron your consent so that we may communicate relevant information to you via email, telephone, invitations, and other digital notifications. If at any time you would like to withdraw your consent or update your profile and preferences, you can do so by clicking here or by contacting us directly.