Cybersecurity experts have warned
companies to migrate to newer operating systems or else face major security
breaches in the event of a cyber attack
Microsoft has announced major plans to end support for Windows 7, ten years since its release in 2009. Businesses are now urged to upgrade their operating system to prevent cyber breaches. How will this impact SMEs who still choose to rely on old software? Tech experts have warned millions of organisations will be left vulnerable to cyber-attacks if they do not have other protective mechanisms in place.
There are still more than 440 million people using Windows 7 across the world. The National Cyber Security Centre (NCSC) has urged users to upgrade their Windows 7 operating system or else face risk of cyber-attacks, which could cause havoc to companies still relying on the software.
Anthony Bettini, CTO of White Hat Security, an application security firm which helps businesses protect critical data, has warned how devices reaching their end of life (EOL) are often an easy target for hackers and get attacked much more frequently than newer software – and many organisations fail to update their devices, even after a security breach.
“Often, we see businesses still running Windows 7 or other old software or applications due to the software’s use on embedded devices or systems that aren’t interacted with regularly,” Anthony Bettini, CTO, WhiteHat Security. “Unfortunately, if organizations don’t have a strong Vulnerability Management Program in place, which includes asset detection and constantly attempts to drive down the mean-time-to-remediation (MTTR), then often we see organizations not prioritizing EOL software maintenance until after a successful attack.
“Updating software sometimes is as easy as applying a patch. However, if there is a critical application on the server, coordinating downtime and possibly modifying the application to be compatible with the new component may need to be scheduled and often far out. EOL software presents an additional challenge in that it inherently can’t be updated – it needs to be replaced by a newer version (if one even exists).”
However, businesses may not bother to migrate to a newer operating system because of the staggering cost. Until their current software is out of support and not compatible with applications and hardware, many companies may not see the urgency to change operating systems right now, which could put millions of businesses at risk.
“From a business perspective, compatibility with applications and hardware, feature availability or lack thereof, and vulnerabilities associated with an OS that is out of support are the biggest issues,” Bob Davis, CMO of Plutora, a software company who provide management solutions for enterprise IT, said. “Once the vulnerability point number is crossed, businesses should be migrating quickly. But until then, why? End users will focus far less on vulnerability, perhaps to their peril. But nonetheless, if features and compatibility are ok, why upgrade. I really think it’s a simple matter of people being comfortable with the status quo, as long as it works. Why change? Again, if it ain’t broke, why fix it?”
Despite the urgency, many businesses may be hesitant to upgrade their current software due to time constraints, resources, lack of planning and cost. Ditching out old tech can stop a company in its tracks, causing work disruptions that can affect business operations entirely – and this can cause many companies to delay upgrading their systems, leaving them in an incredibly vulnerable position.
“The one universal truth in IT is that upgrades are painful,” Marc Capellupo, senior security engineer from Exabeam, a US-based cyber security company, said. “Regardless of how much preparation you do, something will always go wrong, break, or not work after the upgrade. And so, because of that, it takes time, and it takes money, resources, and planning. Worse, there is arguably nothing more disruptive to a business than a workstation upgrade, because that touches everybody in the company. So, there has to be an incredibly convincing reason to go down that route. Windows 10 hasn’t become that reason yet. The average PC user and even enterprise IT admins, would be hard pressed to find a feature parity between Windows 7 and Windows 10. It’s also not the security team arguing for the upgrade at the next executive meeting.
He added: “Pain is the biggest driver in phasing out old tech. Developers unanimously hated programming for IE 6, forcing users to upgrade to a modern browser when half of the websites they visited didn’t work anymore. The predictable cost of ongoing maintenance will give companies a longer runway to roll out the upgrades until it is either too expensive to maintain or the potential risk for an unpatched vulnerability forces them to. You would be surprised just how many companies Chris and I walk into that still haven’t finished their Windows XP upgrades.”
All Windows 7 users have been urged to upgrade their operating systems or else face the risk of hackers exploiting bugs in their systems. Companies running on Windows 7 may have their personal and financial data stolen and could be spied on without their knowledge. Therefore, it is essential all businesses upgrade their software and protect their data before it is too late.
