Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Sunday, 29 January, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Here’s Why the 20th Anniversary of Windows XP’s Release Is Scarier Than It Sounds

32 percent of organizations still have at least one Windows XP device connected to their network

by The Gurus
October 31, 2019
in Guru's Picks
Windows XP
Share on FacebookShare on Twitter

It may be hard to remember today, but when Windows XP was released on Oct. 25, 2001, it was a revelation. Aimed at both consumers and businesses, it married a user-friendly interface with reliability, replacing clunky and crash-prone Windows 2000. When upgrades to the system became available in the ensuing years, many businesses and individuals decided they had sunk too much time and money into XP-compatible hardware and training to make switching worthwhile.

In fact, according to a 2018 Spiceworks report, 32 percent of businesses still have Windows XP installed on at least one device in their network. As we approach the 20th anniversary of XP’s release, we’re seeing the full consequences of the continued use of this out-of-date, unsupported operating system by users around the world.

XP usage is just one of many data points that illuminate the perilous networked landscape we inhabit today. That’s why Verisk has identified digital vulnerability as an emerging global risk as criminal and state agents exploit these outdated systems for nefarious ends. By looking at the numbers behind these seemingly small lags in cyber security, we can see the true threat digital vulnerability poses in modern life.

Here’s how one computer in the Accounting department running an outdating operating system could impact your business (or government, or family). One Friday in May of 2017, a ransomware attack began with an initial infection in Asia. Within one day, 230,000 computers in more than 150 countries were infected.

By the time the Wannacry ransomware attack—as it is now known—was over, economic losses were estimated to run from the hundreds of millions to up to $4 billion. And the attack could have been worse had its creators (believed to be North Koreans agents) chosen to target vital infrastructure. That wasn’t the end of it: Just this May, Microsoft released a patch for Windows XP, which it stopped releasing updates for five years ago. As Wired magazine reported, “The last time Microsoft bothered to make a Windows XP fix publicly available was a little over two years ago, in the months before the WannaCry ransomware attack swept the globe. This week’s vulnerability has similarly devastating implications.”

I’m not saying that XP is behind the world’s growing cyber-vulnerability crisis: it isn’t. Microsoft has been pushing users away from the program for years, and those using the operating system today make up a tiny fraction of networked computers. What’s clear is that currently, our patch cadence—the speed at which vulnerabilities are addressed—lags behind the pace at which malicious actors are identifying weaknesses; that these attacks are getting more audacious and more costly; and that relatively few people realize the connection between cyberattacks and what are often viewed as benign digital security lapses. Too often, it is the well-meaning employee or technophobic grandfather who accidentally allows criminals into what should be a tightly guarded digital sphere.

This doesn’t mean that a future of Wild West lawlessness in the digital world is inevitable. While both criminals and nefarious state actors are becoming savvier in their attacks, policymakers and cybersecurity experts are also redoubling their efforts.

On Oct. 2, 2019, the U.S. House of Representatives passed the Cybersecurity Vulnerability Remediation Act, which amends the Homeland Security Act to include that “the director may, as appropriate, identify, develop, and disseminate actionable protocols to mitigate cybersecurity vulnerabilities, including in circumstances in which such vulnerabilities exist because software or hardware is no longer supported by a vendor.” This move attempts to address the problem identified here, and other state and federal laws are beginning to gain momentum in this area.

However, to effectively combat bad actors online, we must change public perceptions of cyberattacks. As I wrote for the Verisk Risk Report, cyberattacks must be seen as a hurricane in the Caribbean during storm season, when they are too often viewed as an earthquake in New York City: unpredictable, devastating, and unlikely to reoccur.

This year is on track to be “the worst year on record” for breach activity, with 4.1 billion records exposed as of June 30, according to a mid-year report by QuickView. Compared to the previous year, the number of breaches was up 54 percent. Today, we have an unprecedented view of the problem we face thanks to the power of data analytics and its impact on risk assessment. We need to use this power to better inform every citizen of how they can help protect their communities through simple actions, like not snoozing that security update for one more day.

Humans have always used data to understand patterns and influence future events. We’ve collected the data; we see the upwards trend of increasing digital attacks; now, we need to start preemptively educating people how they can influence this situation going forward.

Whether they work in a café, a bank, or a hospital, no conscientious employee would leave a door propped open when leaving work for the night, nor would they hand out security codes to shady strangers on the street. That is because we are all trained in the basic security protocols of the physical world. Now that we can understand the scale of the problem, it’s time to bring this training into the digital era, to ensure a secure and resilient future for all, offline and on.

Prashant Pai is vice president of cyber offerings at Verisk (Nasdaq:VRSK), a leading data analytics provider.

FacebookTweetLinkedIn
ShareTweetShare
Previous Post

Why is working culture so important for the benefit of the business?

Next Post

Four principles for security metrics

Recent News

Data Privacy Day: Securing your data with a password manager

Data Privacy Day: Securing your data with a password manager

January 27, 2023
#MIWIC2022: Carole Embling, Metro Bank

#MIWIC2022: Carole Embling, Metro Bank

January 26, 2023
Lupovis eliminates false positive security alerts for security analysts and MSSPs

Lupovis eliminates false positive security alerts for security analysts and MSSPs

January 26, 2023
Threat actors launch one malicious attack every minute

Threat actors launch one malicious attack every minute

January 25, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information