Let’s say you drive a car that is nearly twenty years old (maybe you do), and then the car manufacturer says they will no longer make parts for your car. Normally, such a scenario works out fine, since you can still buy third-party parts or used parts and your mechanic has easy access to those.
But then data is released that shows your car can easily be broken into. (Not so far-fetched, since certain models of cars from about that era top the list of most frequently stolen vehicles on the road.)
Who would be responsible for increasing the security to protect your older car? Would the manufacturer need to reissue locks for models they no longer make or support?
Well, if we are talking about security updates for older operating systems, the answer is yes. At least, Microsoft has done so, though let's assume it was out of the goodness of their hearts, since it was not a response to a court-ordered action or some other necessity.
The Biggest Cyber Security Breach Ever
Microsoft first released Windows XP in 2001. Even after newer operating systems were released, Microsoft provided updates, including important security support, for XP. Finally, Microsoft announced it would discontinue technical support of Windows XP as of April 2014. Only those customers who purchased custom support would still receive support for some of those older Windows platforms, including XP.
And in case it’s news to you, “software updates” means security updates since most updates are really just about patching newfound security flaws.
Yet, despite the lack of support, millions of computers around the globe still relied upon Windows XP, as evidenced by the biggest cyber threat of all time: the WannaCry virus (also called WannaCrypt). This ransomware was largely unsuccessful, since flaws in the ransomware itself allowed it to be shut down easily, and it reportedly made only a meager $140,000 (small potatoes in the ransomware world).
Still, the cyberverse practically came to a screeching halt when this security flaw, reportedly created by the NSA, leaked.
The security flaws exploited by WannaCrypt were already known to Microsoft and security experts. Updates to supported software had already patched the security flaw. But Windows XP landed squarely in a support vacuum, having not been updated for at least three years by the time the virus struck.
Microsoft responded by issuing security updates for all operating systems, even Windows XP.
In their blog, Microsoft admitted, “we are taking the highly unusual step of providing a security update for all customers to protect Windows platforms that are in custom support only.”
In another post, Microsoft issued security guidelines for all users, guidelines that should be considered standard operating procedure for all computer users in this modern era, such as:
- Backing up files regularly
- Not clicking on harmful links
- Not visiting unsafe websites
- Being wary of e-mail messages with similar names, but slight alterations
- Having the latest computer updates
Even with these warnings and security patches issued, it will be up to users to make updating a priority.
Get Top-notch Protection
Microsoft and other developers take measures to protect their product platforms. For such companies, it is a matter of maintaining customer trust. But ransomware continues to gain popularity with threat actors, prompting The Washington Post headline, “The next ransomware attack will be worse than WannaCry.”
Security updates and remote support of operating systems by the manufacturer are not always enough.
For a custom threat analysis report for your business, contact us. We will analyze the most pressing industry-relevant threats and can create a custom action plan to mitigate such cyber security threats.