End of support for Windows XP scheduled for April 8 will expose many small businesses to security breaches as vulnerabilities are made public, but patches are no longer available. Any vulnerabilities found in Windows XP will not be fixed by a security update and Microsoft will also discontinue any technical support, meaning SMEs running XP will be at serious risk of infection.
With more than 500 million machines still running XP at the end of 2013, many small businesses are set to be affected by this change. Migrating to alternative OS’s such as Windows 7 and 8 is costly and time consuming. With limited budgets and IT expertise, many small businesses have found it challenging to manage a platform shift of this size.
In fact, the number of machines using XP actually increased in January to 29.23% of all machines (from 28.98% in Dec), revealing the extent of the migration challenge.
A high number of companies have a significant investment in Windows XP with business critical applications that can only run on this operating system, making the decision and process to migrate difficult. Many retailers have yet to make the switch with a number of legacy systems including point of sale (PoS) systems only supported by Windows XP, leaving these business exposed to data breaches if steps are not taken now.
Without any additional security, Windows XP is already 21 times more vulnerable to malware than Windows 8, and the security risks will only increase after April 8. It’s important that the many small businesses continuing to use XP take steps to mitigate their risk:
- Remove ‘admin’ privileges from standard users to reduce the risk of unwanted applications, including malware, being downloaded on unsupported legacy systems, like XP. No one apart from your IT organisation should have ‘admin’ rights, as an example.
- Enable storage and buffer overflow protection. Unsupported operating systems such as XP are more vulnerable to zero-day attacks (a type of attack that takes advantage of computer vulnerabilities where this no current solution) which means business must make use of intrusion prevention systems such as McAfee Host IPS.
- Deploy dynamic whitelisting techniques which allow only ‘known good’ applications to execute. Whitelisting reduces the need to constantly chase software updates and patches (including Microsoft patches and security updates), to keep up with the ever increasing tide of malicious software. Instead, if an application is not on the whitelist, it is prevented from executing, is reported and the endpoint remains safe.
- Use real-time visibility to quickly identify and remediate attacks. There are tools to collect endpoint security statuses instantly, helping businesses to identify and remediate attacks attempting to exploit XP vulnerabilities.
As the end of support for Windows XP looms, it is important that small businesses are aware of the security implications of this transition and face up to the security challenges ahead. Many small businesses lack the IT spend, the manpower and the infrastructure to easily execute a migration of this size. And on top of this, there are serious concerns around application compatibility for critical business systems. Until these small businesses have worked out their migration strategy, security measures must be extended to ensure cybercriminals don’t exploit the vulnerabilities made possible with XP End of Life.