Article by: Mat Clothier, CEO, CTO and Founder at Cloudhouse
It has been four years since Windows XP reached its ‘end of life’ back in April 2014. The end of life (EOL) of an operating system marks the point after which security updates and patches will no longer be provided; although the systems still run seemingly as they did before, they will thereafter lack the level of protection that is required today to prevent cyberattacks.
It is important for all organisations to understand the risks of maintaining older, unsupported operating systems (OS). So what have we all learned in the last four years about the effect of XP’s EOL?
1. Frighteningly enough, lots of organisations are still using Windows XP
Despite the length of time that has passed since Microsoft stopped supporting Windows XP, there are still many organisations worldwide that run the rapidly ageing operating system. As of May last year, XP was the world’s third most popular OS, behind Windows 7 in first and Windows 10 in second. Gartner predicted that there would be approximately 2 billion PCs in use worldwide in 2014; using that figure as a guide, XP’s share in May 2017 would have corresponded to around 140 million computers still running XP.
Even if we assume that this number has reduced since then, allowing for the natural evolution of digital transformation projects and upgrades, that still means there are potentially over 100 million XP machines in use today. Having such a large number of computers without up-to-date security is a major concern, both for the organisations that use them and for the customers who rely on the services they provide.
2. Ransomware can and will take advantage
In recent years we have seen a rise in the number of ransomware attacks occurring across the globe, causing a predicted loss of US$5 billion last year. WannaCry is known as one of the worst attacks in history, with millions of computers affected worldwide, including many belonging to the NHS. Running XP was one of the reasons that so many computers were vulnerable to this attack, as well as to multiple others in recent years. But why?
Without the regular security updates that newer operating systems receive, older machines are left without the level of cyber defences required to prevent attacks such as WannaCry or NotPetya from having a devastating impact.
3. GDPR will only exacerbate the problems
On 25th May 2018, GDPR will come into effect and any organisation that holds the data of EU citizens will have to comply with this new regulation. This will involve being able to provide all of the data being held about any customer at any time, as well as being able to prove that such data is being stored securely.
Organisations operating old operating systems may find themselves unable to comply with the latter in particular, as their limited security is unlikely to be strong enough to protect customers’ data from potential cyberattacks. An unpatched system is an easily recognisable red flag, and should an attack occur, the organisation would not only risk losing the data that is compromised but would also be subject to fines for failing to comply with GDPR, costing up to €20 million or 4% of global turnover.
4. Migrating apps is a big, if not the biggest, reason to run a legacy OS
A recent FOI request by Cloudhouse discovered that, according to UK councils, migrating applications was the biggest problem when upgrading to a new operating system. This is an issue that affects not just the public sector but organisations across multiple industries. When bespoke apps are written, they are often designed solely for the system they are written on. This causes problems when the organisation eventually tries to upgrade the OS, as the apps usually cannot be run easily on the newer system.
If the organisation relies on these applications to provide its services, it will understandably be reluctant to embark on the challenge of rewriting them to suit the new OS, which can be a lengthy and very costly process. This dilemma lies behind the millions of computer systems that have yet to be updated, despite the security risks that putting off an upgrade causes.
5. Not all organisations have learned their lesson
Particularly when it comes to tech, there will always be the next big thing. The two-year countdown to Windows 7’s EOL has already begun, with the date set for 14th January 2020. However, with Windows 7 still standing as the most popular OS, it seems that many IT leaders have not learned from the mistakes made with XP. Migrating everything on your current system to a newer version takes time, as organisations that migrated from XP to 7 will already know. It is therefore concerning that so many Windows 7 machines still exist without any form of contingency plan for this deadline, as it will prove difficult to complete a full migration in less than two years.
As the fourth anniversary of XP’s end of life comes and goes, organisations running any older system, including Windows 7, should be reminded that putting off a system upgrade will never solve the problem – it will only make it worse when you are forced to face it.