Windows 7 reaches its end of life date, potentially leaving almost a third of all
online users vulnerable to emerging threats.

 

Windows 7 End of Life Prompt

 

In October of last year Microsoft announced that they would no longer be supporting Windows 7, prompting all users to upgrade to Windows 10. Last week this decision went into action with Windows 7 reaching its end of life date on the 14th of January - of course this doesn't mean that the Windows 7 system will stop working all together, but without regular security testing and support from Microsoft, users are now extremely vulnerable to cyber criminals who will be ruthlessly searching for software vulnerabilities to exploit.

The most recent reports from NetMarketShare show that the operating system is still being used by over 30% of all PC users, many of which are undoubtedly business accounts. Over recent years the tug-of-war between Microsoft and hackers over Windows 7 has been ongoing, and the high publicity over this recent change is sure to garner lots of attention - and knowing that the OS will be receiving no further updates or patches to thwart their malicious efforts, we will likely soon see this criminal activity surge in numbers.

 

What exactly are the risks?

Without patching from Microsoft's side, any flaws in the OS from this point on cannot be fixed, thus creating gaps within the system for viruses and malware to creep in. Ransomware and other malicious softwares would have increased likelihood of infiltrated effected devices, and once deployed would be able to disrupt or obtain personal and/or financial information and even spy on user activity.

To give a real world example, the WannaCry outbreak in 2017 still stands as one of the most memorable ransomware attacks of all time, which compromised NHS hospitals across England and Scotland as a result of unpatched versions of Windows 7, as well as the earlier Windows XP which Microsoft had stopped supporting at the time. Had the targeted vulnerabilities been patched as needed, this large-scale attack that is still highly discussed today may have been avoided completely.

 

What are next actions for those with a Windows 7 PC?

Although Windows 7 devices will still function, the security of them is unknown, and is of no priority to Microsoft, meaning their security will continue to diminish. In terms of maximising security, upgrade is the only option. Now more than ever, Microsoft urges users to upgrade to Windows 10 – a safer environment, with regular support and updates. Ideally, Microsoft mention this would be on a new PC, as the smooth running of the software is not guaranteed on an outdated device.

Warnings have been published regarding the continual use of Windows 7 after the end of life deadline, with the National Cyber Security Centre advising Windows 7 users to avoid any internet banking or emails on their devices, as this may likely lead to a data breach.

'We would urge those using the software after the deadline to replace unsupported devices as soon as possible, to move sensitive data to a supported device and not to use them for tasks like accessing bank and other sensitive accounts' – National Cyber Security Centre.

Indeed, some businesses will continue to use apps which heavily rely on Windows 7 software, and in these cases companies can request that Microsoft continue to relay updates regarding the Enterprise and Professional components of the software. However, this service does of course come at a price, and will only be available until 2023. Prices for this service vary, ranging from £19 - £200 per device, and are set to increase - again, prompting upgrade. For larger businesses in particular, this service may cost a large amount, perhaps more than an upgrade would be.

 

What else can be done to combat inbound threats?

Altinet's in-house technical team are highly experienced in aiding Office 365 users in ensuring their environments are fully secured to mitigate the risk of successful attacks exponentially.

Our Complete Office 365 Protection Stack combines a handful of Altinet's products and services to create 5 layers of protection: Gateway Defence, Resilience, Inbox Defence, Security Awareness, and Incident Response.

Combined, these security layers work together to provide users with the most effective and easy-to-use solution for their O365 mailboxes and data, simplifying the migration process and assisting with ongoing management thanks to the centralised Cloud Control portal.

For more information on the Complete Office 365 Protection Stack download the White Paper here.