Comment Re:Are you starting your supply chain audits now? (Score 1) 17
Relying on a firewall is not sufficient to secure internal services. There is a long list of security breaches that were caused by an employee getting their laptop breached, for whatever reason, and then the bad actors roamed around the private network and exploiting known, patchable, vulnerabilities.
Of course the urgency to update is not the same for publicly accessible services as it is for services on the internal network, but running a 5y old server without updates when there is a long list of critical CVE is very much negligence.