WannaCry was a clear example of the dangers that businesses can face when they are using software that has reached end of life – and Windows 7 reaches end of life on January 14, a data centre back-up company points out. PCs running on Windows 7 will be significantly more at risk of ransomware, Veritas Technologies says, after Microsoft support for patches and bug fixes to the software ends.
Despite supported PCs being pushed patches for the cryptoworm, Europol estimated that 200,000 devices in 150 countries, running older, unsupported, software became infected by WannaCry. Although an estimated $130,000 was paid in ransoms, the impact to business is understood to have run into the billions; due to lost productivity, lost data, and corrupted hardware. Microsoft ended mainstream support of Windows 7 in 2015, giving users five years to ready themselves for the software to reach end of life.
Veritas is urging businesses running Windows 7 to prepare themselves to avoid the impact that vulnerability to ransomware could have. Its tips:
Educate employees – the biggest risk is to data that employees save to unprotected locations. Ensure that users are following best practices for where to save data so that it can be secured and consider running a simulation. Saving valued data to centralised servers, data centres or to the cloud can help reduce risk.
Evaluate risk by understanding your data – for enterprises, insight software solutions can help to identify where key data lives and ensure that it complies with company policies and industry regulations. This is critical not only to identify the challenges but also to prioritise the recovery process.
Consider a software upgrade – this isn’t going to be practical for large enterprises in the time left, but it could well be part of longer-term strategy. For SMEs, the most sensible solution might be simply to upgrade to an operating system with ongoing support.
Run patches while you can – according to the Ponemon Institute, 60 per cent of respondents who experienced data breaches did so despite a patch to prevent breaches being available to them. Businesses should at least make sure that they are as up-to-date as they can be whilst they can. Users will also be able to buy “ESUs” from Microsoft to access patches during their migration to newer software.
Ensure that data is backed up – ransomware relies on the idea that paying a ransom is going to be the only/cheapest way to regain access to your data, yet are those that pay up are actually able to recover their data from criminals? Veritas advocates the “3-2-1 rule”, where data owners have three copies of their data, two of which are on different storage media and one is air gapped in an offsite location. With air-gapped data backup, businesses have the much safer, and more reliable option, of simply restoring their data, the firm says.
Ian Wood, Senior Director, EMEA Cloud and Governance Business Practice at Veritas said: “In January 2020, a quarter of all PCs are going to fall into this category so it’s vital that the organisations that rely on Windows 7 are aware of the risks and what they need to mitigate them. This type of ransomware attack tends to have a disproportionate effect on organisations that can afford ransoms least – for example, we saw high-profile attacks on public sector bodies in 2017. So, it’s critical for those running Windows 7 to act now and put plans in place to ensure that they are able to protect themselves. Organisations need to understand their data and make sure that information is being stored in the right place where it can be protected and made available when needed.”
