Cybercrime is evolving faster than systems can keep up, so if your business is still sitting in the past, it’s sitting with vulnerabilities, writes Richard Frost, head of innovation and technology at Armata Cyber Security.
According to the ‘Connected Business: digital dependency fuelling risk’ report, cyberattacks have increased by 105% between 2020 and 2024. The cost of these breaches, says IBM, has risen by 10% from 2023 to 2024. In South Africa, the average cost was just over R53-million.
Yet 57% of end users say that their biggest challenge is using outdated IT or security infrastructure while IBM says 70% of companies have delayed undertaking an infrastructure refresh at least once over the past five years leaving companies and their systems in a risky security position.
This effectively means that companies operating in 2025 are doing so with 2020 systems that are incapable of handling the modern cybersecurity threats. These attacks have become so sophisticated and intelligent they have the ability to rip through 2020 architecture as a knife through paper.
Attackers are using advanced malware and deepfake technologies powered by artificial intelligence to enter into systems that are ill-prepared for their complexity and capability. Outdated security protocols from 2020 can’t counter these modern threats, much less the zero-day exploits that have increased significantly over the past five years.
Older systems are also facing challenges around the lack of support they receive from vendors. Companies currently sitting on the cusp of the new Windows 10 end of life on 14 October 2025, for example, aren’t going to receive anymore free security updates or technical support.
They can pay for an extension, but this is only stretching the protection they need even thinner as Microsoft’s security teams prioritise newer systems and the threats that knock on those doors.
The same applies to outdated protocols like SSL 3.0 and TLS 1.0 which are vulnerable to attacks such as BEAST and POODLE and that are easily exploited by threat actors.
It doesn’t matter how high-end 2020 technology was, if it isn’t up to date or modernised to 2025 security standards, your business is behind. The cold reality of this statement is brought into sharp relief by AI – ChatGPT and the subsequent explosion of AI resources only happened in 2022 and cybersecurity tools from 2021 or earlier don’t have the ability to detect AI attacks.
Since 2022, phishing attacks have increased by 1 265% as AI has transformed the ease with which attackers can create incredibly realistic deepfakes and phishing emails. Novel social engineering attacks rose by 135% and 85% of cyberattacks have AI as their engine.
Now think on your endpoint detection and response (EDR) solution. If you’re running an antivirus that’s not up to 2025 standards or support any form of application behaviour analysis, your system will be unable to identify polymorphic viruses. This is because it will be hunting specific fingerprints within your system and won’t have the capability to identify attacks that change their fingerprints at speed.
Unfortunately, a lot of companies don’t have solutions in place that cater for next-generation endpoint protection which leaves them in a precarious position.
Upgrades, reinventions, updates and evolved security systems in 2025 are light years ahead of what was available even two or three years ago. The same thinking that applies to buying a new, next-generation car compared to an older model, applies here – the difference in generation is everything when it comes to performance. You need to update your systems and remain ahead of all patches, consistently.
The risks are growing, and yet companies are still not patching their vulnerabilities as quickly as they should. Waiting two months to resolve an issue only leaves the door open to the attackers.
Old, outdated systems are incredibly limited and cannot adapt to threats, but they can be evolved to keep up. The right tools, regular patches, awareness of zero day vulnerabilities, investing in modernised threat detection solutions – all these factors combine to create a resilient security web that will and can evolve to challenge the threats while protecting the business.