25% of PCs “more vulnerable to ransomware from January 2020” warns Veritas

PCs still running Windows 7 when the operating system reaches end of life on Tuesday 14 January will be significantly more at risk of ransomware, Veritas Technologies has warned. According to experts, 26% of PCs are expected to still be running the Microsoft software after support for patches and bug fixes ends.

The vulnerability to ransomware of PCs running unsupported software was demonstrated by the WannaCry virus in 2017. Despite supported PCs being pushed patches for the cryptoworm, Europol estimated that 200,000 devices in 150 countries running older and unsupported software became infected by WannaCry.

Although just $130,000 was paid in ransoms, the impact on business is understood to have run into the billions of dollars due to lost productivity, lost data and corrupted hardware.

Microsoft ended mainstream support of Windows 7 in 2015, giving users five years to ready themselves for the software to reach end of life.

Veritas Technologies is urging businesses running Windows 7 to prepare themselves in order to avoid the impact that vulnerability to ransomware could have on their organisations, and is offering five tips that could help to navigate the challenge:

* Educate employees – the biggest risk is to data that employees save to unprotected locations. Ensure that users are following best practice for where to save data so that it can be secured, and consider running a simulation. Saving valued data to centralised servers, data centres or the cloud can help reduce risk.

* Evaluate risk by understanding your data – for enterprises, insight software solutions can help to identify where key data lives and ensure that it complies with company policies and industry regulations. This is critical not only to identify the challenges, but also to prioritise the recovery process.

* Consider a software upgrade – this isn’t going to be practical for large enterprises in the time available, but it could well be part of a longer-term strategy. For SMEs, the most sensible solution might be simply to upgrade to an operating system that has ongoing support.

* Run patches while you can – according to The Ponemon Institute, 60% of respondents who experienced data breaches did so despite a patch to prevent breaches being available to them. Businesses should at least make sure that they are as up-to-date as they can be while they can. Users will also be able to buy Extended Security Updates (ESUs) from Microsoft to access patches during their migration to newer software.

* Ensure that data is backed up – ransomware relies on the idea that paying a ransom is going to be the only or cheapest way to regain access to your data, yet research shows that fewer than half of those that pay up are actually able to recover their data from cyber criminals. Veritas Technologies advocates the ‘3-2-1 rule’, where data owners have three copies of their data, two of which are on different storage media and one is ‘air-gapped’ in an offsite location. With an air-gapped data back-up solution, businesses have the much safer and more reliable option of simply restoring their data.

Ian Wood, senior director for EMEA cloud and governance business practice at Veritas, said: “WannaCry was a clear example of the dangers that businesses can face when they’re using software that has reached end of life. This month, a quarter of all PCs are going to fall into this category so it’s vital that those organisations reliant on Windows 7 are aware of the risks and what they need to do to mitigate them. This type of ransomware attack tends to have a disproportionate effect on organisations that can afford ransoms least. For example, we saw high-profile attacks on public sector bodies in 2017. It’s critical for those running Windows 7 to act now and put plans in place to ensure that they’re able to protect themselves. Organisations need to understand their data and make sure that information is being stored in the right place where it can be protected and made available as and when needed.”

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications)

Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute’s George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications’ dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.
