Interviews

Windows deadline

by Mark Rowe

Microsoft will end support for its Windows XP operating system on April 8, yet many organisations are yet to upgrade to a newer version of Windows, it’s claimed. In fact, recent reports suggest that not only are 30 percent of PCs worldwide running XP, but over half of the UK’s councils and 95 percent of the world’s cash machines run on Microsoft’s platform. Given that it can take months, or in some cases years, for organisations to migrate the entire business to a new operating system, Ross Brewer, vice president and managing director for international markets at LogRhythm, has a warning for businesses.

“A huge number of organisations are still using XP and once Microsoft stops supporting it next week they are going to find themselves with gaping security holes. Time is now swiftly running out for those businesses to upgrade to a new operating system and it is likely that hackers will already be planning their attacks to exploit these vulnerabilities. Unless some form of action is taken now, anyone operating XP should be concerned.

“While antivirus software and firewalls are the basic line of defence, they won’t be able to stop everything – particularly as they already struggle to keep up with zero-day exploits. It is therefore imperative that other controls are put in place that can minimise this new weakness. An effective measure would be to implement protective monitoring tools that provide complete visibility into the network. Not only can this strategy be implemented with relative speed, but as these solutions alert on any suspicious activity immediately, organisations are in a far better position to react and contain the threat before it causes any lasting damage.

“Cyber attacks against businesses are already ten-a-penny, therefore there is really no excuse not to increase defences when there is a growing security threat – especially as they have been forewarned. Long-term, the only answer is to upgrade to a new operating system but, in the short-term, businesses can compensate by having the tools in place to know exactly what is happening on the network at all times. Most organisations have to consider it a case of when they are breached, not if, and running XP without extra protection in place is simply going to make the ‘when’ occur faster.”

And separately over three quarters (77 per cent) of UK organisations will have Windows XP running somewhere in their IT estate after that end of support deadline according to research commissioned by UK software company AppSense. The survey also suggested that over two-thirds (68 per cent) of organisations had no plans to pay for extended support despite repeated warnings about the vulnerability of the 12 year-old operating system to exploits and malware.

The survey, of 100 UK IT decision makers, also suggested that while Windows XP is still present in most organisations, it is very much in the minority in terms of penetration with these businesses. Some 87 per cent of those surveyed had less than 25 per cent of desktop estate still running Windows XP, while on average it is estimated that overall penetration of the operating system is just under 13 per cent.

The survey also suggested that 84 per cent of XP users planned to have totally migrated from the platform within the next 12 months, suggesting that there is a willingness to move but on an organisations own terms. However, of those not paying for extended support, 70 per cent of respondents were either not very or not at all concerned about security after April’s cut-off date.

Simon Townsend, Chief Technologist, AppSense EMEA, saw a lack of concern among UK organisations around the possible dangers of running XP after April 8. He said: “Part of the reason for lack of concern would appear to be the low level of dependency currently on the XP operating system. While it is still present in many organisations, the numbers would suggest that it is very much on the periphery.

“It might be the case that an XP machine is running a print server, or some other application which is not entirely obvious. The reality is though, that one machine could potentially put an entire network at risk and without adequate protection it could be a step into the unknown for UK businesses.

“While it’s clear that organisations are committed to getting off the Windows XP platform in the medium term, they are opening their organisations to potential threats by leaving systems unsupported. This figure also suggests that organisations want to get the migration process right and will not be rushed as they head towards a deadline. From my experience and involvement with organisations to date, the priority is getting off Windows XP, but many are still planning or are unsure about how to progress. It’s a balancing act between planning the migration, but also protecting whilst you migrate.”

Bob Tarzey, Analyst and Director with Quocirca, added: “As with most commercial software, Windows XP has had a long history of security vulnerabilities and exploits, so the apparent lack of concern around the platform following the end of official support is surprising. Windows XP will still be vulnerable to Zero Day exploits, so continuing to use the operating system without any support arrangement is risky.

“Windows XP has been a victim of its own success. It has proved to be a solid, stable and very widely used operating system and as a result it is deeply rooted in the many businesses. However, the time has come to move on from technology that is well over a decade old update to more recent systems.”

Related News

  • Interviews

    Identity crime report

    by Mark Rowe

    Identity Crime: On your doorstep: a 24-page report is by the counter-fraud trade body CIFAS with Ordnance Survey, that analyses geographically the…

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing