As the Windows 7 end-of-life date came into effect in January 2020, moving on to Extended Security Updates (ESUs) proved to be a business necessity for many to enable a basic level of protection against the worst emerging cyber threats without upgrading the operating system. It’s now the last stay of execution for businesses entering the final year of a Windows 7 ESU plan. From January 2023, the three-year cycle will come to a close, meaning critical security patches will no longer be provided to businesses.
Running the risk
Putting a plan in place with one year to go is paramount given the emerging cyber risks facing organisations. Attack types such as ransomware, where hackers hold organisations and potentially their customers and partners to ransom over sensitive data, are growing exponentially, while the newly released Allianz Risk Barometer lists cyber incidents as the most important global business risk for 2022 (44%).
By January 2023, any organisation failing to take action will run the risk of exposure due to the continued use of a known vulnerable operating system that cyber attackers can exploit. The results of such an attack could be truly disastrous, ranging from significant financial implications to data breaches which could threaten the organisation’s existence.
As the third year of Windows 7 ESUs comes into play, businesses in this position today have already had to spend significant amounts of money. The cumulative nature of how these patches are provided by Microsoft means that organisations have had to invest in each ESU since 14th January 2020, making it vital to use this remaining year to ensure the risks of continuing to use ESUs, and subsequently an unsupported system, are avoided.
Avoiding business interruption
One of the key reasons that businesses haven’t employed a long-term solution and are now entering the final year of ESUs is the balancing of business priorities. No organisation wants to expose its operations to ransomware or other emerging threats, but the fear of upgrading to a new operating system such as Windows 11 and the impact this could have on application compatibility is very real, leaving many organisations stuck in a trap.
An old version of a critical application can force companies to stay on an outdated operating system version which then leads to security issues. The key is to break that coupling, which unshackles businesses from Windows 7 and also eradicates the need for ESUs. Businesses also then avoid any downtime or interruption which could lead to lost revenue.
Breaking the cycle
To break the chain, state-of-the-art tools provided by an end-of-life migration specialist like Cloudhouse can allow critical applications to be transplanted from outdated platforms and effectively placed into the latest Microsoft operating systems. Unlike application virtualisation or layering solutions, the application can be abstracted from the underlying platform, and the runtime can be isolated and optimised for Windows 11, for example. Businesses then have access to a system which is regularly patched and updated while still ensuring effective use of the critical app. To enable best practice configuration moving forward, organisations are also able to use services that can identify what is non-compliant or out of date in their estate and achieve compliance.
Employing this approach not only secures the business against cyber risk, but eradicates the possibility of business disruption. A prominent example of where Windows 7 is likely to still be used today is in the context of desktop interfaces on terminals in a retail setting. This could involve up to 50,000 employees with little IT experience using a piece of software or an application on a daily basis, and it’s critical that it retains the same functionality and provides the same user experience that those workers are used to when updated to a new operating system. These tools allow businesses to do exactly that, meaning a reduction in costs that would have otherwise been incurred by extra training to use a new and completely different piece of software.
Back to basics
Businesses still running Windows 7 that choose to not take any action over the course of the next year will leave themselves critically vulnerable to major business disruption. For organisations in the public sector such as healthcare, periods spent offline due to a hacking event can prove to be a major hurdle in providing critical care services. For example, the hacking of the Newfoundland and Labrador health authority in Canada led to the use of inefficient paper-based backups for administration.
Patching of systems is security 101, and a basic requirement for businesses in the fight against cyber risks. Use of the right tools can enable organisations to be better prepared for the cyber threat with updated systems and compatible applications in place. We’ve undoubtedly entered a state of emergency with one year of Windows 7 ESUs left, but it isn’t too late for organisations to act.