As I watched the news and read various news articles relating to the WannaCry ransomware attacks, and more recently the Petya virus, I was struck by the details that emerged about organisations using old, unsupported versions of the Microsoft Windows desktop operating system (such as Windows XP).
Windows XP was a very reliable operating system, and from that perspective I can appreciate why IT departments around the world still cling to what is now a 15-year-old operating system. And even those that would like to upgrade face numerous challenges, most notably legacy software (and sometimes infrastructure) which isn’t compatible with the latest operating systems.
In other words, many businesses delay the decision to upgrade to a newer operating system because it’s a ‘double whammy’ – they need to upgrade the operating systems and the line of business applications, all at the same time.
Security features need to be in line with emerging threats
There are challenges to upgrading, and I don’t want to downplay or over-simplify these issues, but businesses must find a way to move forward with their technology. Microsoft have significantly improved the security of each successive operating system they’ve released, with Windows 10 being by far Microsoft’s best operating system from a security perspective. Comparing Windows XP and Windows 10 is a ‘night and day’ comparison when it comes to security features. And when you think about it, this makes sense. Earlier operating systems were designed within the environment of threats that existed at that time. As new threats emerge, it’s impossible for Microsoft to retrospectively change the design of their older operating systems. They can of course patch known security vulnerabilities as they are discovered, but this is not as effective as an up-to-date operating system that’s designed to deal with modern-day threats.
Don’t just rely on patches
When I speak to business people, it’s clear that this point isn’t well understood. Many people think that security patches are the key, and that as long as they’re ‘patched’, there’s no risk. But this isn’t the case, and there’s no question that newer operating systems like Windows 10 are far better able to anticipate and neutralise threats than older operating systems, regardless of which patches are installed.
A simple example of this is UEFI (Unified Extensible Firmware Interface). It’s a fancy acronym, but stay with me – I promise it’s not too technical. The fight against malware and hacking requires the ability to maintain the integrity of the hardware and the operating system’s boot process. Until Windows 8, this proved to be a significant challenge. Bootkit and rootkit malware could infect the device before any of the system defences, such as anti-virus programs, had started, and thereby render those defences inoperable. Devices certified for Windows 8 or later include a new hardware component called UEFI Secure Boot, which helps maintain the integrity of the system firmware and operating system from power on to power off.
What’s the threat to the bottom line?
Businesses of all sizes are increasingly faced with a difficult choice, but one that cannot continue to be ignored. If businesses don’t invest in Windows 10, they are making their networks more vulnerable, and with threats such as ransomware only growing in sophistication and prevalence, the direct cost of a malware attack and the potential damage to a business’s reputation can far outweigh the cost of upgrading to Windows 10.
To summarise, it’s our strong view that all businesses should use Windows 10, and whatever barriers exist to upgrading to Windows 10 should be budgeted for and prioritised accordingly. Don’t let legacy applications be the excuse for leaving your network dangerously exposed. The risk of procrastination is simply too high, and as the WannaCry and Petya outbreaks have proven, delaying will inevitably cost more in the long run.