Still running Windows 7 on corporate systems? Your risk of ransomware attack is about to increase…
- Published: Thursday, 09 January 2020 09:24
PCs still running Windows 7 when it passes its end of life date on the 14th of January will be significantly more at risk of ransomware, Veritas Technologies has warned. According to Veritas, 26 percent of PCs are expected to still be running the Microsoft software after support for patches and bug fixes ends.
The vulnerability to ransomware of PCs running unsupported software was demonstrated by the WannaCry virus in 2017. Despite supported PCs being pushed patches for the cryptoworm, Europol estimated that 200,000 devices in 150 countries, running older, unsupported, software became infected by WannaCry. Although just $130,000 was paid in ransoms, the impact to business is understood to have run into the billions of dollars due to lost productivity, lost data, and corrupted hardware.
Microsoft ended mainstream support of Windows 7 in 2015, giving users five years to ready themselves for the software to reach end of life.
Veritas is urging businesses running Windows 7 to prepare themselves in order to avoid the impact that vulnerability to ransomware could have on their organizations, and is offering five tips that could help to navigate the challenge:
- Educate employees: the biggest risk is to data that employees save to unprotected locations. Ensure that users are following best practices for where to save data so that it can be secured; and consider running a simulation. Saving valued data to centralized servers, data centres / centers or to the cloud can help reduce risk.
- Evaluate risk by understanding your data: for enterprises, insight software solutions can help to identify where key data lives and ensure that it complies with company policies and industry regulations. This is critical not only to identify the challenges but also to prioritize the recovery process.
- Consider a software upgrade: this isn’t going to be practical for large enterprises in the time now available, but it could well be part of a longer-term strategy. For SMEs, the most sensible solution might be simply to upgrade to an operating system that has ongoing support.
- Run patches whilst you can: according to the Ponemon Institute, 60 percent of respondents who experienced data breaches did so despite a patch to prevent breaches being available to them. Businesses should at least make sure that they are as up-to-date as they can be whilst they can. Users will also be able to buy ‘ESUs’ from Microsoft to access patches during their migration to newer software.
- Ensure that data is backed up: ransomware relies on the idea that paying a ransom is going to be the only/cheapest way to regain access to your data, yet research shows that less than half of those that pay up are actually able to recover their data from cyber criminals. Veritas advocates the ‘3-2-1 rule’, where data owners have three copies of their data, two of which are on different storage media and one is air gapped in an offsite location. With an air-gapped data backup solution, businesses have the much safer, and more reliable option, of simply restoring their data.