January 13, 2015 marked the end of mainstream support for Windows 7, that is, the end of non-critical security updates, design changes, and complimentary support for the OS. Currently in its extended support phase for bug fixes, updates, and paid support for businesses, Windows 7 will lose all that support when it enters its end-of-life (EOL) phase on January 14, 2020.
An upgrade to Windows 10, Microsoft’s latest operating system, is recommended. Seeing that 37% of PC users — both private and enterprise — use Windows 7, there may be resistance to change. So Microsoft recently rolled out an update that repeatedly informs Windows users of the 2020 EOL and urges them to upgrade.
The risk
Windows 7 can be installed and will function even after EOL. However, there are risks in using any unsupported software or unsupported operating system. At some point, a vulnerability will be discovered that will not be fixed. Hackers will exploit such vulnerabilities with malware and other attacks.
Your business will be left relying on your own security tools to cover for an essentially security-disabled system. Note that operating system upgrades will always be an essential security layer to protect against the billions of malware samples out there, not to mention the hundreds of thousands of new ones that enter the net daily.
Businesses can’t afford to be at risk. Incidents of ransomware skyrocketed in 2017 and have not diminished since. Contrary to reports of incident decline, the 2019 Verizon Data Breach Investigations Report (DBIR) ranked ransomware as one of the most prevalent threats of 2018.
Also in 2018, a record-breaking 10.52 billion malware attacks, including ransomware and cryptojacking, were registered by SonicWall. Both forms of attack take over vital company resources. Ransomware locks down data and PCs, and cybercriminals demand money from their victims to unlock them. Cryptojacking secretly takes over your PC’s processing power, at times greatly slowing it down and affecting your productivity.
At worst, businesses and governments have lost billions of dollars due to malware that exploited outdated software. Case in point: ransomware like WannaCry, Petya, and NotPetya in 2017 shut down hospitals, banks, phone companies, and many other organizations running out-of-date software.
In 2018, the cryptomining malware called WannaMine halted the operations of several companies for up to several weeks. The infection moved laterally across networks, identifying and exploiting vulnerabilities in machines not properly patched or secured.
Upgrading is essential but not enough
Upgrading operating systems to their very latest version and keeping them patched is smart. It may not solve security problems entirely, but it maximises your business’s chances of withstanding an attack or defending your systems against one.
Another case in point: during the WannaCry attack, a spokesman for Microsoft said that “…customers who have Windows Updates enabled and use the company’s free antivirus software are protected.”
To be clear, supported software like Windows 10 just gives you access to the latest security patches. On top of that, you need to pay more attention to the things you should be doing already. For instance, an organization should take stock of all security software in use and keep it up to date. All other applications should be updated as well.
Also, employees should be aware of security measures, especially regarding phishing attacks, the number one cause of data breaches, and email, the number one attack vector for malware. Your staff should be trained regularly to use computers and the internet safely, continually informed of current threats, and regularly tested with simulated attacks.
Lastly, you can partner with a managed services provider (MSP) who will not only guide your organization in the transition from Windows 7, but can also provide a robust security environment to protect your infrastructure and enhance your business operations. We at Hudson Valley IT Services have expert IT professionals for security compliance, data protection, application services, risk management, identity and access management, cyberthreats, mobility, cloud, and incident planning and responses, among others. We actively look after our partners’ safety and resilience. Talk to us today.