9 Dec 2022

An investigation by the National Audit Office (NAO) has uncovered that 30 per cent of applications used by the Department for Environment, Food & Rural Affairs (Defra) are unsupported, having been developed with outdated software, increasing their security risk.

The report revealed that Defra, the government department overseeing environmental protection, food production, and rural communities, uses an estimated 1,962 different applications, with 30 per cent not supported by their supplier in July 2022.

Critical service failure

The report outlined that Defra is at ‘serious risk’ of critical service failure or cyber-attack as a result of a lack of investment in core IT systems and cybersecurity.

Cybersecurity expert Achi Lewis, Area VP EMEA for Absolute Software, commented: “Out of date and unsupported applications leave devices vulnerable to malicious actors, and particularly at a time of heightened cyber threat due to holiday scams and the recession, it is important that devices at all organisations, including Defra, are kept up to date to mitigate as much risk as possible. Whether it be automation, upskilling, outsourcing, or another means, organisations must ensure they have a strong cybersecurity posture at a time when there is significant threat of cyber-attacks.”

Subsequently breach applications

Absolute’s The Value of Zero Trust in a Work From Anywhere World Report earlier this year presented similar findings, with two thirds of enterprise devices running 2+ OS versions behind and enterprise devices on average 77 days out of date with current patching.

“Devices behind on updates don’t always threaten the organisation, rather the device itself and the user principally, but patches and OS updates protect against known vulnerabilities that cyber criminals can use to exploit endpoints and subsequently breach applications, or even an organisation’s network. Whilst postponing an update may seem harmless, it can be detrimental, and it is crucial that IT and cyber teams ensure company devices are up to date and that staff are educated about the risks.”

In the 2021 Spending Review, the government committed £2.6 billion in spending for cyber and legacy IT between 2022-23 and 2024-25 to minimise cyber risks for departments, with £871 million being directed to Defra. Although the levelling up of IT systems is underway, NAO estimates that a full transformation of Defra’s business applications will take 10 years.