There are good reasons for retiring old, out-of-date software – particularly when the vendor is encouraging you to switch to its newer, more secure version.
A number of large organisations – including the Reserve Bank of New Zealand, the University of Colorado, Australia’s financial regulator ASIC, the Washington State Auditor, Singtel (Singapore’s largest telco), law firm Jones Day and US grocery chain Kroger – all decided to stick with Accellion’s 20-year-old File Transfer Appliance (FTA) and, as a result, appear to have suffered data theft and extortion after a criminal group found and exploited vulnerabilities in the FTA.
Read more here: Accellion: How Attackers Stole Data and Ransomed Companies (bankinfosecurity.com).
Any organisation maintaining its risk assessment process, and scanning the threat horizon, would not be caught like this. Frankly, any organisation with a forward-looking IT strategy wouldn’t even be worrying about the threat!