The Cyber Division of the US Federal Bureau of Investigation has published a new Private Industry Notification (PIN) cautioning organisations about the risks to their networks if they continue to run the Windows 7 operating system.
Windows 7 reached the end of its extended support cycle on January 14 this year, meaning it no longer automatically receives updates for security-related issues. As new vulnerabilities are found in the ageing operating system, cybercriminals will therefore have a growing range of exploits to use against organisations that still run it on their networks.
The notification summarises the dangers presented by continued Windows 7 use:
“The FBI has observed cyber criminals targeting computer network infrastructure after an operating system achieves end of life status. Continuing to use Windows 7 within an enterprise may provide cybercriminals access into computer systems. As time passes, Windows 7 becomes more vulnerable to exploitation due to lack of security updates and new vulnerabilities discovered.”
It also highlights the necessity of upgrading to a more modern version, even where doing so is difficult:
“Migrating to a new operating system can pose its own unique challenges, such as cost for new hardware and software and updating existing custom software. However, these challenges do not outweigh the loss of intellectual property and threats to an organization.”
The notification cites an open-source report which found that, in healthcare organisations, 71% of Windows devices were running an unsupported operating system. This is consistent with research by Citrix, which surveyed 98 UK NHS trusts, 77 of which responded: it found that over 200,000 devices were still running Windows 7 at the end of last year, despite the approaching end-of-life date.
The notification also recalls a similar situation in which healthcare organisations saw an increase in breaches after Windows XP reached the end of its support cycle in April 2014. For example, when the WannaCry ransomware attack disrupted many NHS services in 2017, it was widely assumed that many of the affected devices were still running Windows XP. However, the notification notes that 98% of the computers infected with WannaCry were running Windows 7, even though Microsoft had made a patch available earlier that year.
While it is possible to purchase an Extended Security Update (ESU) plan from Microsoft for Windows 7, this only runs until January 2023, at which point organisations will face the same problem again.
As the FBI notes, running an unsupported operating system is not a risk worth taking. If you are concerned about the consequences of upgrading to Windows 10, we at Pro-Networks can help. Through our IT support and services, we can design and install a network that will serve you better in the long run, backed by our continued support. We can also advise you on the potential benefits of cloud-based solutions, such as replacing traditional versions of Microsoft Office with the cloud-based Office 365.