Organisations that haven’t updated their operating systems by the time Microsoft ends support for Windows XP on 8 April will be left open to attacks from hackers and cyber criminals, consultancy firm EY has warned.
As of next month, Microsoft will no longer release updates for its 13-year-old operating system as the firm moves, in its own words, to “invest our resources toward supporting more recent technologies so that we can continue to deliver great new experiences”.
But many organisations – including public sector bodies such as GCHQ and the NHS – are still heavily reliant on Windows XP, something Mark Brown, director of information security at EY, warns could leave a massive cyber security gap, which could be exploited by computer hackers seeking to steal data.
“Hackers will use this as an opportunity to take advantage of those organisations that have not got their house in order. Far too many businesses are asleep at the wheel over this issue and this could mean valuable consumer data being at risk,” he said.
Brown called for the government to do more to raise cyber security awareness and set out the business case to upgrade to Windows 7 or Windows 8.
“Given the scale and significance of the threat, we want to see UK government doing more to tackle this problem and raise awareness among business leaders of the risk imperative of cyber security,” he said.
“With only a month to go we now really need to see urgent action being placed onto establishing the business case for upgrading to newer operating systems such as Windows 7 or 8.”
According to Brown, one solution to the issue could be bring your own device (BYOD), as users are likely to have a home laptop or tablet running a more up-to-date operating system, which would reduce the risks posed by continuing to use Windows XP.
“BYOD potentially offers a fast track to upgrading outdated systems as employees, who tend to be using newer operating systems at home, can thus increase the levels of protection provided to a business’ IT system,” said Brown.
Nevertheless, Brown warned, BYOD itself poses a different type of security threat to organisations.
“However, this will bring new challenges and risk as it moves away from safer traditional enterprise IT platforms,” he said.
Labour shadow Cabinet Office minister Jonathan Ashworth recently warned that HMRC and the NHS have “dropped the ball” over the end of support for Windows XP, leading to a situation that could become a “free-for-all” for hackers.