As has been touted for months now, Microsoft will no longer be providing security patching for its Windows XP operating system. Since the announcement that Microsoft would end this critical support companies and individuals across the globe have been weighing the pros and cons with continuing the use of the system moving into the immediate future. Unfortunately, for many upgrading infrastructure and software took a hit as the world economy declined into a deep recession after the 2008 financial crisis and throughout the slowest recovery of the United States economy since the 1940s. Putting off the regular changes and upgrades every few years in an effort to keep costs down has many now faced with a very difficult business decision; do we upgrade or accept the risk a little longer? Here are some of my thoughts on the subject.
It is very important to consider what exactly the decision to no longer patch XP can mean for your business and information if you own one of the approximately 20% of PCs that are still operating on this system. Removing security patching is similar to removing the Little Dutch Boy from the dike. Without this dedicated young man running from hole to hole, patching as he went, disaster would have eventually struck his town. The change with XP support is no different. Windows XP is an extremely mature operating system, for sure, and it has been run through the gamut by programmers and hackers alike. That means that the holes may be small and spread out right now. Just like a small crack in a dike with tens of thousands of gallons of water trying to find a way in. Eventually those holes and crack combine and become larger allowing the threat to propagate and destroy what the dike was intended to protect.
There are systems out there, including most of the ATMs you may use on a daily basis, that run on Windows XP. Any system that does will possibly be vulnerable in the interim until upgrades can be made. These upgrades are costly and time consuming due to the embedded nature of the software. Speaking of embedded, if your system is using Windows XP Embedded, you still have some time before you will be in the same boat as traditional XP users. Given the large amount of clientele that have systems with XP embedded in their operations, Microsoft developed a temporary stop gap measure that is available at a price. They are in business to make money, of course. Customized support is available to users after today for $200 per machine per year. This cost will grow exponentially year over year until the only choice that is economically feasible will be a complete systems upgrade. Given the available options (upgrade, accept the Risk or pay exorbitant annual fees) it is time to bite the bullet, if you are behind the power curve, and upgrade.
If you are interested in learning more about cyber security, corporate espionage and the many ways that your vital information can be compromised, MSA Security and the NJIT BEOC Alliance will be hosting a symposium on the subject at NJIT on May 1st.
For more information as well as registration details.