Old network cameras, ageing routers, forgotten printers, and unmanaged NAS drives are not just inefficient. They are active security liabilities, and in most London offices they are quietly running on live networks with nobody responsible for them.
This is what a zombie tech audit addresses. It is the process of identifying every device on your network that is still drawing power and handling data but is no longer receiving security patches, no longer managed, or simply lost track of over the years.
The UK’s National Cyber Security Centre has consistently highlighted unpatched and unsupported devices as one of the most common factors in successful attacks against UK businesses. And yet many organisations invest heavily in protecting laptops and servers while leaving a printer from 2011 or a camera from 2014 wide open on the same network, untouched and unmonitored.
If you are working with a managed it support services company london provider, keeping a complete and accurate inventory of everything on your network should already be part of the service. If you are not certain it is, this article will walk you through what zombie tech looks like, why it matters, and what to do about it.
What Is Zombie Tech?
Zombie tech is any device that is still running on your business network but is no longer receiving security updates or manufacturer support. It is still alive in the sense that it is powered on and functional. But from a security perspective it is dead, because no one is fixing the vulnerabilities that accumulate in it over time.
In a typical London office environment, zombie tech falls into several categories:
- Network-connected cameras and physical security systems running old firmware
- Routers and switches that have not had a firmware update in years
- Printers and multifunction devices that store documents, hold credentials internally, and connect to your network
- Network-attached storage devices set up for a specific project and then forgotten
- VoIP phone systems running outdated software
- Windows 10 machines that are still in use after Microsoft ended extended support in October 2025
- Legacy servers running end-of-life operating systems
- Smart building systems such as IP-connected HVAC controls, access card readers, and intercoms
The common thread across all of these is network access combined with an absence of patching. Each device is a potential entry point for an attacker who knows what they are looking for.
Why Attackers Are Interested in Your Old Devices
When a vulnerability is discovered in a router, camera, or printer firmware, the manufacturer typically releases a patch. But if nobody in your organisation is responsible for applying that patch, the device stays vulnerable indefinitely, regardless of how good the rest of your security is.
Attackers scan networks for devices running known vulnerable firmware versions. This does not require sophisticated skills. Automated tools for doing exactly this are freely available online, and attackers use them routinely against business IP ranges. Once a vulnerable device is found, it provides a foothold from which they can move laterally through your network, capture credentials, intercept traffic, or in some cases deploy ransomware.
Our post on common network vulnerabilities and how to fix them explains how this kind of attack unfolds in practice and what the most frequently exploited weaknesses look like in real business environments.
The problem is often made worse by default credentials. Many network cameras, routers, and printers ship with a standard manufacturer username and password. If nobody changes them during initial setup, they remain as published in the device manual, which any attacker can look up in seconds.
Our post on 7 neglected IT management activities that can harm your business covers this and several other device management gaps that tend to go unaddressed when a business is growing quickly.
The Most Common Zombie Devices in UK Offices
Cameras and physical security systems
IP cameras are frequently the least-managed devices on any business network. They sit in corners, record continuously, and almost never feature in anyone’s patch management schedule. Many run embedded firmware with known vulnerabilities that have existed for years without being addressed.
In 2023, the UK’s Information Commissioner’s Office issued guidance on the risks posed by certain categories of network-connected cameras, and the NCSC recommended that businesses audit their CCTV infrastructure. Even if your cameras are not from a flagged manufacturer, an old device with unpatched firmware is a security risk regardless of where it was made.
Routers and network switches
Your router is the gateway between your internal network and the internet. An unpatched router with a known vulnerability is, in practical terms, a door with a broken lock. Attackers who gain access to a router can intercept traffic, redirect users to malicious sites, and monitor communications without anyone inside your business noticing.
Our posts on simple tips to secure your corporate firewall and further steps to harden your firewall and perimeter are worth working through if you have not reviewed your network perimeter recently. Our guide to securing your small business network also covers the fundamentals for organisations without a dedicated network team.
Printers and multifunction devices
Modern office printers are essentially small computers. They run operating systems, connect to Wi-Fi, store documents in internal memory, send emails, process scanned documents, and in many cases have web interfaces that can be reached remotely.
Most businesses replace computers on a regular cycle but keep the same printer for a decade or more. The result is a device that handles sensitive business documents and sits on your network running firmware that has not been updated since it left the factory.
Windows 10 machines
Microsoft ended extended support for Windows 10 on 14 October 2025. Any machine still running Windows 10 after that date is no longer receiving security patches and should be treated as an unacceptable risk.
Our posts on Windows 10 end of life and what you need to know and why London SMBs need to act now on Windows 10 end of support cover the specific risks for UK businesses. If you are planning a hardware refresh, our post on why your business should upgrade to Windows 11 explains what to expect from the process and what the upgrade delivers in terms of security improvement.
NAS devices and legacy servers
Network-attached storage devices are a particularly high-value target because they hold large volumes of data. Many were set up by a previous IT team or for a specific project, and the business has simply carried on using them without anyone taking ownership of their security. Ransomware groups specifically target internet-exposed NAS devices because of the data they hold and the leverage that provides.
Old servers running end-of-life operating systems present a similar problem. They may be running business-critical applications that nobody has got around to migrating, but each day they remain unpatched is another day an attacker could exploit them.
Zombie Tech Risk Summary
| Device Type | Primary Risk | Typically Patched | Recommended Action |
|---|---|---|---|
| IP cameras | Default credentials, remote exploit, firmware CVEs | Rarely | Audit firmware version, change credentials, replace if EOL |
| Routers and switches | Traffic interception, known CVEs, pivot point | Occasionally | Apply firmware updates, replace EOL hardware |
| Printers and MFDs | Document storage, default passwords, network access | Very rarely | Update firmware, segment from core network |
| NAS devices | Ransomware target, exposed shares, weak authentication | Rarely | Audit access controls, update firmware, disable unused services |
| VoIP phones | Eavesdropping, credential exposure, network pivot | Very rarely | Update firmware, restrict network access |
| Windows 10 PCs | No patches post-October 2025 | N/A (EOL) | Upgrade to Windows 11 or replace hardware |
| Legacy servers | Unpatched OS, known exploits, data exposure | Variable | Upgrade, migrate workloads, or decommission |
| Smart building systems | Default credentials, internet exposure | Very rarely | Isolate on dedicated VLAN, audit access points |
How to Conduct a Zombie Tech Audit
A zombie tech audit does not need to be a disruptive or expensive exercise. The goal is to build a complete and accurate picture of everything on your network and then assess each device against a clear set of criteria.
Step 1: Discover everything on your network
Use network scanning tools to identify every IP-connected device. Many businesses are genuinely surprised by the results. Document device type, manufacturer, model, IP address, and where possible firmware version and the date it was last updated.
Step 2: Check whether each device is still supported
For every device you find, check whether the manufacturer is still releasing firmware or software updates. If a device has been discontinued and is no longer patched, it needs to be replaced or isolated.
Step 3: Check for default credentials
Verify that the default manufacturer username and password have been changed on every network-connected device. If they have not, change them immediately.
Step 4: Check for known vulnerabilities
Cross-reference firmware versions against the National Vulnerability Database. If a device is running a version with known CVEs, apply the available patch or plan for replacement. Our hardware and software service can help you source and deploy replacements as part of a structured refresh programme.
Step 5: Decide what to do with each device
Every device should fall into one of three categories: patch and keep, isolate on a dedicated network segment, or replace. Isolation is a legitimate interim measure for devices that cannot immediately be replaced. Putting unsupported devices on a dedicated VLAN with no access to your core network limits the damage significantly if they are compromised.
What to Do After the Audit
A zombie tech audit is only valuable if it leads to a clear plan. Once you know what is on your network, the next step is validation.
Our posts on network penetration testing explained, how often to run network penetration testing, and internal vs external network penetration testing explain how testing works and which type suits different business situations. Our comparison of penetration testing vs vulnerability scanning helps you decide which assessment to prioritise if you have not done either before. Our network penetration testing service can validate your network security posture after an audit and confirm that the controls you have put in place are actually working.
Our post on the importance of penetration testing in cybersecurity and our earlier piece on why your business needs regular penetration testing both make the case for treating testing as a routine activity rather than a one-off exercise.
For devices that need replacing, a platform migration london service can manage the transition in a planned way, ensuring no security gaps open up during the changeover.
Fitting This Into Your Wider Security Programme
A zombie tech audit is one component of a broader proactive approach to security. If your business has not previously taken a structured approach, our post on whether your business needs to worry about cybersecurity is a clear-eyed starting point.
Endpoint detection and response is an important layer to have running alongside your device management programme, because old devices are prime targets for lateral movement once an attacker is inside your network. Our posts on EDR vs antivirus vs XDR and why EDR matters more than ever explain how these tools sit alongside your network security.
Anti phishing testing london is also a relevant priority, because many device-level attacks begin with a phishing email or social engineering attempt that gives the attacker their initial foothold. Combining device hardening with phishing simulation covers both the human and the technical attack surface at the same time.
For businesses with multiple locations, ensuring every office is subject to the same device audit and patch management standards is essential. A global it support company can run unified audits across all your offices and ensure no location is managed to a lower standard. For European offices, european it services providers can factor in local regulations around connected devices and data handling that may affect how you manage certain equipment.
A cloud backup company london can ensure your data is protected regardless of what happens at the device level. Even if an attacker compromises a legacy device and reaches your files, a clean and current backup means recovery is straightforward.
If you have not thought through what happens to your business in the event of a device-level attack causing a serious outage, our post on why your business needs a business continuity plan is essential reading.
For making the internal case for this kind of investment, our post on the hidden costs of reactive IT sets out the financial argument clearly, and our piece on the benefits of outsourcing your IT to an MSP explains why having a specialist team responsible for device management is often more cost-effective than managing it internally.
Having a dark web monitoring services london provider in place gives you early warning if credentials harvested from a compromised device surface on underground forums, so you can act before attackers use them further.
If you are looking for a framework to work from, our post on why your business should become Cyber Essentials accredited is a practical guide. Cyber Essentials covers patch management and secure configuration, both of which are directly relevant to addressing zombie tech across your estate.
And if your audit reveals that storage hardware is a weakness, our post on the benefits of upgrading to an SSD hard drive covers what a hardware refresh delivers beyond just performance.
Frequently Asked Questions
How often should a business run a zombie tech audit?
At minimum, once a year. For businesses that add devices regularly or that have multiple offices, a quarterly network scan is more realistic. A device audit should also be triggered whenever your office moves, a new location opens, or a significant infrastructure change takes place.
Are IP cameras really that serious a security risk?
Yes. IP cameras sit on your business network, often connect to the internet, run firmware that is rarely updated, and are almost never included in patch management schedules. Both the NCSC and the ICO have issued specific guidance on the risks from unmanaged cameras, including those with internet-facing management interfaces.
What is the device most commonly overlooked in a zombie tech audit?
Printers are consistently the most overlooked. Businesses focus on computers and servers but forget that a modern multifunction printer is a networked computer in its own right. It stores documents, holds internal credentials, and runs software that needs to be kept current.
Can we just isolate old devices rather than replacing them?
Isolation is a reasonable and legitimate interim measure for devices that cannot immediately be replaced. Placing them on a dedicated VLAN with no route to your core network limits the damage significantly if they are compromised. But replacement should remain the goal, because isolation still requires management and carries ongoing risk.
How does a penetration test complement a zombie tech audit?
A penetration test includes network discovery as part of its process, and an external tester will often find devices that an internal audit missed. More importantly, a test validates whether the controls you have applied actually hold up when an attacker tries to exploit them, rather than just assuming they will.
Book Your Zombie Tech Audit
If you are not confident that you know every device on your network, or that every device you do know about is properly managed and patched, now is the time to address it.
Northern Star can carry out a full network discovery and device audit, identify unsupported and unpatched hardware across your estate, and build a prioritised remediation plan that fits your budget and timeline.
Get in touch with our team today or call us on 0800 319 6032. You can also visit our Why Us page to learn more about how we work with London businesses to keep their IT environments secure and fully accounted for.
