Microsoft has announced that Windows XP will reach “End of Support” after April 8, 2014. End of Windows XP support refers to the date when Microsoft no longer provides automatic fixes, updates, or online technical assistance. Without Windows XP support, customers with Windows XP will no longer receive security updates that can help protect Personal Computers (PC) from harmful viruses, spyware, and other malicious software that can steal critical and confidential data.
This opens the doors to hackers, staggering potential liabilities and governmental compliance issues.
How Widespread is the Potential Risk?
Launched in 2001, Windows XP was the most widely used Microsoft PC software until Windows 7 took over its supremacy in 2012. The Microsoft End of Sales date for PC’s running Windows XP was October 22, 2010. That means that there are a lot of computers running Windows XP and counting on Windows XP support to be there.
The Potential Risk is Severe.
Microsoft estimates that the infection rate for unsupported Windows XP software will be 6X higher than Windows 8. Microsoft is also estimating that after April 8, 2014, the chance that malware will infect PC’s running Windows XP could jump by two-thirds.
Hackers can cause significant damage by smuggling programs onto computer networks, or by gaining access to PC files to steal personal information like customer addresses, credit card numbers obtained from payment processing, and employee files. Windows XP support will not be there to lean on should this situation arise.
Retailers with Point of Sale (POS) and other payment processing systems running on Windows XP will cease to be PCI compliant on April 8, 2014.
PCI compliance directly relates to the security of payment processing, as well as customer and employee information. StorefrontBacktalk points out “PCI DSS Requirement 6.1. This requirement states merchants must: “Ensure that all system components and software are protected from known vulnerabilities by having the latest vendor-supplied security patches installed. Install critical security patches within one month of release.” Once an operating system (or an application) goes past its end-of-life, the vendor does not keep an eye out for new vulnerabilities or release any new security patches.”
The average direct cost of a PCI security breach is $80,000 per location. This cost is almost always born by the retailer/franchise since insurance will not cover a PCI compliance failure. This does not even take into consideration the negative publicity associated with a breach and its impact on future revenues.
Even more startling, businesses that are breached typically must stop payment processing credit and debit cards for as long as two months while clearing up the damage of the previous breach. Without payment processing, is it any wonder that 70% of breached businesses are out of business within one year of the attack?
Hacking is Serious Business.
Hacking is no longer an amusing way for ultra-smart computer people to have a little fun.
According to Tom Rains, Microsoft’s Director, Trustworthy Computing; “Today’s cybercriminals aren’t the hobbyists we saw developing malicious software from their basements in the 1990s,” said Rains. “Cybercriminals today are no longer motivated by fame and notoriety; they are well funded underground organizations, often with advanced capabilities that include large-scale malware automation, who are motivated by profit or seek to cause real financial or political harm.”
Hacking into your unsupported Windows product is just the opportunity that they have been waiting for.
What Should Your Business Do?
Plain and simple: to protect your data, you will need to migrate off of Windows XP and onto a new version of Windows, and the sooner the better! Newer Windows versions such as Windows 7 or Windows 8 continue to be supported and feature frequent Windows security patch updates to protect your data.
Contact TIE’s account management team at 630.301.7444 to find out what measures can be taken to replace Windows XP, increase your data security, ensure ongoing PCI compliance or any other technology challenges. Feel free to also visit our website at www.TieNational.com.
For more information, please consider reading the following links used as sources for this blog: