Windows 7 Reaches End of Life; Are You About to Pay the Price?
Last fall, Microsoft announced that it would be ending support for Windows 7 on January 14, 2020. This has now come into effect: no further updates will be released for the Windows 7 operating system, including crucial security patches.
Microsoft did say it would offer paid Windows 7 Extended Security Updates (ESUs) on a per-device basis, but even this program has limitations. First, the program is only available for larger clients to extend their current security coverage. This includes large businesses, government operations, and educational services. Second, the program caps out after three years, ending in 2023. Finally, the price for the ESU will increase in the following year.
Source: Support for Windows 7 ends in January 2020, Microsoft. Accessed January 22, 2020
Microsoft’s Windows 7 has a myriad of security flaws, including a zero-day vulnerability. Yet, despite the flaws, Windows 7 is one of the most-used operating systems among businesses, at 32.74% of operating system share. Without continual security updates, users of Windows 7 will be at risk from more sophisticated probing and hacking tools. It remains critical to update and assess your security programs regularly.
Try to update your security systems to the newest versions when possible. These versions are up to date with the latest security features and are built in response to innovations, so they can better respond to threats.
The cost of remaining on Windows 7 will also begin to add up. If it is not possible to upgrade for operational reasons, consider this example in Germany.
Germany’s federal government has already paid close to one million euros in ESUs to Microsoft for the continued use of Windows 7, and it’s still operating thousands of computers on Windows 7. This is not only a security risk – since the system will no longer be receiving any updates – but also a financial burden. Germany’s federal government has at least 33,000 computers still operating on Windows 7. This number of computers operating Windows 7 will end up costing over €800,000.
For North American companies, at around US$25 to $50 per device in the first year, the fees will add up similarly. It is estimated that it would cost $500,000 for an enterprise running 10,000 machines in the first year. Furthermore, the ESU fee is cumulative and will increase for each year a user does not update to a newer Windows version. In the third year alone, this will cost a business around $100 to $200 per device.
The percentage of current Windows 7 users in Germany, at 19.77%, is comparable to North America’s 19.61%. This means that North American businesses are likely to pay far more – accounting for population – over the coming years in ESUs. With around 200 million PCs worldwide still running Windows 7, the costs businesses pay for ESUs will be staggering.
Current Windows 7 users should consider both the fiscal and security consequences of not updating to a newer version of Windows.