By Dillon Fornaro, Security Engineer, Kite Technology Group
Change is inevitable. With the rapidly growing and ever-changing field of technology, many businesses are finding it difficult to keep up, which is putting them and their clients at risk. Consider that as of January 14, 2020, Microsoft ended support for Windows 7 and Windows Server 2008. Yet we are seeing that these operating systems are still widely used. That is concerning because, as of that January date, Microsoft stopped developing and distributing security patches and updates for those systems. That means that, to remain secure, agencies should have already upgraded their hardware to current operating systems like Windows 10.
Unfortunately, I find many organizations are resistant to upgrading their equipment and are delaying plans to upgrade. Why is that? Not surprisingly, they cite the investment costs associated with upgrading equipment. They also note a fear of disrupting operations. These reasons fail to account for the inherent security risks associated with continuing to use unsupported operating systems.
Many businesses don’t see themselves as a likely target given their relatively small size. As a result, they don’t feel it’s necessary to go through the hassle of upgrading equipment. However, thinking that the size of your business makes you an unlikely target is a major misconception. Today, malicious users and hackers aren’t necessarily targeting companies based on their name, financials, or status. They are now probing public-facing systems that are out-of-date, easy to get into, and most importantly, easy to find. They can do this on a mass scale using a simple search engine. Yup, a search engine. There are multiple search engines on the web that are dedicated to finding and listing vulnerable public-facing systems. For example, Shodan, the most popular of these search engines, can be accessed by anyone for free. All you have to do is type a public IP address into the search engine and if any known vulnerabilities have been associated with the address, they will be listed there. If none are listed there now, eventually they will be. It’s just a matter of time, as security researchers are constantly updating the records based on their findings. Hackers are constantly writing programs to search through thousands of IP addresses, making the reconnaissance aspect of hacking a breeze and the compromise of a company with out-of-date infrastructure very likely.
Improved security isn’t the only benefit of keeping your hardware up to date. Upgrading also results in your systems running faster and more reliably. It’s extremely important to have someone dedicated to the task of making sure your systems and software are up to date and staying informed on the known threats. Upgrade your hardware accordingly and make sure the software you are using is receiving the latest patches as they are released. While the costs may seem daunting, they pale in comparison to the total costs associated with a breach. These include cleanup costs, lost business productivity and sales, and damage to your company’s reputation.
Microsoft has been consistently reminding the public about the Windows 7 end-of-life for quite some time now. The deadline has already passed, so if you haven’t already gotten started, it is important to talk to your IT department or service provider now to develop a strategy for upgrading your aging equipment. The longer you wait, the higher the risk that your business could be targeted.
Article also published in the September issue of Primary Agent magazine.