Last fall, Microsoft announced that it would be ending support for Windows 7 on January 14, 2020. This has now come into effect: Microsoft will no longer release any updates for the Windows 7 operating system – including crucial security patches.
Microsoft did say it would offer a paid service for Windows 7 Extended Security Updates (ESUs) on a per-device basis, but even this program has limitations. First, the program is only available to larger clients seeking to extend their current security coverage, such as large businesses, government operations, and educational institutions. Second, the program caps out after three years, ending in 2023. Finally, the price of the ESU increases each year.
Source: Support for Windows 7 ends in January 2020, Microsoft. Accessed January 22, 2020
Microsoft’s Windows 7 has a myriad of security flaws, including a zero-day vulnerability. Yet, despite the flaws, Windows 7 remains one of the most-used operating systems among businesses, at 32.74% of operating system share. Without continual security updates, users of Windows 7 will be at growing risk from increasingly sophisticated probing and hacking tools. It remains critical to update and assess your security programs regularly.
Update your security systems to the newest versions whenever possible. These versions carry the latest security features and are built in response to current threats, so they can respond to them more effectively.
The cost of remaining on Windows 7 will also begin to add up. If upgrading is not possible for operational reasons, consider the example of Germany.
Germany’s federal government has already paid close to one million euros in ESUs to Microsoft for the continued use of Windows 7, and it is still operating thousands of computers on Windows 7. This is not only a security risk – since the system will no longer receive regular updates – but also a financial burden. Germany’s federal government has at least 33,000 computers still operating on Windows 7, and keeping this number of computers on Windows 7 will end up costing over €800,000.
For North American companies, at around US$25 to $50 per device in the first year, the fees will add up similarly. It is estimated that an enterprise running 10,000 machines would pay $500,000 in the first year. Furthermore, the ESU fee is cumulative and increases for each year a user does not move to a newer Windows version. In the third year alone, it will cost a business around $100 to $200 per device.
The percentage of current Windows 7 users in Germany is comparable at 19.77% to North America’s 19.61%. This means that North American businesses are likely to pay far more – accounting for population – over the coming years in ESUs. With around 200 million PCs worldwide still running Windows 7, the costs businesses pay for ESUs will be staggering.
Current Windows 7 users should consider both the fiscal and security consequences of not updating to a newer version of Windows.
By exploiting a five-year-old configuration error, a hacker was able to access the Amazon S3 cloud storage buckets in which Twilio’s code was hosted. As a result, customers unknowingly downloaded the modified code for twenty-four hours.
Qualys VMDR and Ivanti have announced a new partnership dedicated to improving the detection and patching of vulnerabilities. Announced July 30, the Qualys and Ivanti partnership has already gone live as an integrated component of the VMDR solution.
Microsoft recently previewed the specific features to tackle data security and risk management for end users with Microsoft Endpoint Data Loss Prevention (DLP) and Double Key Encryption. The reason for the launch? The increasing shift towards a remote work environment and a need to mitigate the accompanying risks.
IBM is changing the terms of its ubiquitous Passport Advantage agreement to remove entitled discounts on over 5,000 on-premises software products, resulting in an immediate price increase for IBM Software & Support (S&S) across its vast customer landscape.
RiskSense announced on July 13 a new version of its cloud-delivered RiskSense risk management platform. The main draw of the platform is its holistic risk calculation across CVEs and CWEs.
To bolster and broaden its data privacy capabilities for end users, cyber and data protection vendor Acronis has acquired DLP player DeviceLock. The acquisition aligns with the increasingly prevalent role that data privacy plays in cybersecurity.
Cyberthreats are omnipresent for any enterprise. Monitoring ingress and egress points while still conducting business is a balance security professionals must strike. Couple this with the continued security issues around remote work during the pandemic, and security teams have their hands full.
Navigating the vendor risk management space, particularly in the current environment that consists of a mix of cloud, managed services, and critical supply chain, is key to ensuring that you don’t inadvertently introduce new risks through this dynamic channel.
On May 26, Kenna Security released its new Prioritization to Prediction Benchmark Survey. This free tool provides organizations with the ability to compare their vulnerability management programs to industry averages Kenna Security has compiled over the years.