2020 Predictions: 90pc of FTSE exposed to Win 7 end of life

On January 14th, Windows 7 will reach its end of life, and applications on legacy Windows operating systems will no longer be supported. And, according to recent research from Cloudhouse, this could expose over 90% of UK FTSE 250 and 100 companies to security vulnerabilities.

When a piece of software reaches end of life and no longer receives patches, any vulnerabilities that remain in that software often become a common target for malicious actors. And it is safe to assume that malicious actors will know.

Should malicious activity become common on a specific platform, it is likely that regulatory attention will then follow. The GDPR requires that data controllers take “appropriate technical and organisational measures” to ensure the security of personal data and to guard against its loss, damage or destruction. Entities may also be subject to security requirements under the Network & Information Systems Regulations or other sector-specific regulation. One of the first lines of defence against malicious activity is to avoid the exploitation of vulnerabilities in software by keeping that software patched and updated. Taking such steps can also be key to demonstrating that appropriate steps are being taken to protect data, and to satisfying any regulatory scrutiny in the event of an incident.

Entities should be carefully assessing their use of end-of-life software and taking steps to mitigate the threat that any ongoing use of software in an end-of-life state may present. Those entities that fail to do so may find themselves having very difficult communications with their customers, regulators and other related stakeholders in the event that any vulnerability is exploited in an operating system after it has reached end of life.

Security is constantly evolving, and it is a certainty that various further security challenges will present themselves in 2020. However, where a high-profile event occurs, such as a major operating system reaching end of life, it is worthy of specific attention. In 2020 we expect that attention to come from malicious actors and regulatory bodies alike, and so it is a necessity that the users of any such operating system give it the same attention. It is worth noting that the National Cyber Security Centre often publishes information about new vulnerabilities. Over the course of 2020 we may see specific output from them on the issue, too.
