Nearly a third of UK councils that responded to a Freedom of Information request submitted by CRN journalist Hannah Breeze are still running Windows XP on their PCs despite the fact that Microsoft officially ended support for XP on 8 April 2014:
“Some 31 per cent of councils which responded said they are running Windows XP in some form and of all the PCs declared by the authorities, seven per cent are running the ancient OS.”
As the 2014 deadline drew near, the UK Government paid Microsoft £5.5 million to extend support for another year – until April 2015 – and Microsoft Software Removal Tool and Microsoft Security Essentials (MSE) updates for Windows XP continued until 14 July this year, but since then XP has been entirely unsupported.
What does ‘unsupported’ mean in this context?
Microsoft’s help pages explain:
“An unsupported version of Windows will no longer receive software updates from Windows Update. These include security updates that can help protect your PC from harmful viruses, spyware, and other malicious software, which can steal your personal information.”
In other words, vulnerabilities found in XP from now on will remain exploitable. There are no patches. Information is at an increased risk of theft.
As security consultant Graham Cluley commented, “we have no choice about sharing our personal information with public bodies such as our local councils.
“As a result, you have to cross your fingers and hope desperately that they will do a competent job at keeping our data secure.
“But, in my opinion, continuing to use Windows XP when Microsoft itself has begged people to stop, and no longer provides any support or security updates, is asking for trouble.”
Maintaining up-to-date software and applying patches when they are released is essential to keeping your systems secure. As soon as a vulnerability is discovered and publicised, criminal hackers use automated attacks to crawl the Internet, looking for vulnerable systems to exploit.
Automated attacks are cheap and easy to run, and by their nature are indiscriminate, looking only to exploit known weaknesses, not specific sites. Every business is equally at risk, including yours.
If you’re using unsupported or vulnerable versions of software, then you will be compromised unless you act quickly to install a patch or update. If no patches are available, you remain at risk until you upgrade to newer, supported systems.
The Cyber Essentials scheme
Launched in 2014, the government’s Cyber Essentials scheme provides a set of five controls that organisations can implement to establish a baseline of cyber security, and against which they can achieve certification to prove their credentials.
Certification to the scheme will demonstrate to your customers and business partners that fundamental cyber security measures are in place, and provides evidence to validate your organisation’s security posture.
For a no-nonsense introduction to the Cyber Essentials scheme, order your copy of Cyber Essentials – A Pocket Guide for only £3.49 now.
IT Governance is a CREST-accredited Cyber Essentials certification body. Our fixed-price Cyber Essentials solutions can help you achieve Cyber Essentials certification for as little as £300.