Absolutely. Security is paramount. Monitoring for those risks is also paramount.
The interesting thing is that sometimes, when the technology gets so old, they become things that hackers don't go after anymore. The biggest risk is the things that are widely deployed but are not patched and are not on the current versions. That's some of the stuff that Paul's organization and the CCCS monitor very closely, because we have to be aware of what the threats are and make sure the systems are patched to accommodate them.