Magento 1 will no longer receive security patches from Adobe after June, 2020 (source). This does not mean your store will get hacked on July 1st, but the risk of a breach will increase over time. Adobe is pushing merchants to upgrade to Magento 2, which is a sane choice for larger stores.
Should you, for some reason, want to stay on Magento 1, there are a few strategies:
A. Outsource extended Magento 1 support
A number of companies have emerged who specialize in extended (security) support for Magento 1. The most promising is German Mage-One, which is backed by a team of well-known Magento contributors.
B. Hire an on-site Magento 1 developer
Should any security issues surface, it is likely that the open source community will quickly produce a code fix. As community-sourced code does not provide any guarantees, you will need an on-site developer who can assess the fix and any implications for your store. It is recommended to engage a developer who has experience with your store and code.
This page was last updated at Apr 12th, 2021