If you haven’t heard yet, Windows XP will no longer be supported after April 8, 2014. That’s just a couple of weeks away! Why should you even care? Well, because you may have an important, or even mission-critical, computing device you use for your business, or for personal use, that is running on Windows XP. According to NetMarketShare at the end of February, 2014, 30% of all folks using Windows desktop computers were still running Windows XP. This is around ½ a BILLION computers, folks! After support ends, there could be some bad consequences for all these folks. It is time to take action now. Not sure if you’re running XP? Go to this cool little site and it will tell you: http://amirunningxp.com/.
Are Just Computers Impacted?
It is not just laptops and desktop computers that will be impacted by this cancellation of XP support. Here’s just one of what could be thousands of examples. Over the past year I’ve been working closely with a huge medical devices group. Don’t have a heart attack (especially if you have a pacemaker running on XP), but based upon what I’ve learned during that time, I anticipate that the percentage of medical devices running on XP is even greater than the percentage given in the opening paragraph.
Several months ago many of the medical device manufacturers in the group I belong to indicated they also use embedded XP for the graphical user interfaces (GUIs) to medical devices, and also use XP to provide a link to external databases (containing vital medical data collected and used by the devices). So many medical device makers use XP because:
- When the medical devices were created, XP was the newest OS being used, and Microsoft had promised to support Embedded XP for “many more years.”
- Embedded XP configurations were considered back then to be a way of making it difficult for a wide range of viruses to affect the medical devices.
- A large portion of medical devices were coded with C#/.Net, and there was often legacy C++ code that they wanted to continue using on XP.
It also makes sense that there are large numbers of medical devices running on XP since, generally, medical devices have very long life spans; 10 – 20 years is not uncommon, and makes sense when you think about how they are used.
The discontinued support of XP will mean that medical devices running on, or connected to, XP devices will no longer receive security patches to protect them from viruses, spyware and other malware, and there will no longer be technical support available from Microsoft for these devices. This leaves them vulnerable to malware, hacking, software errors, and crashing, which is not a good thing if you are depending upon the medical device to continue your life. (This isn’t the first time this type of medical device OS situation has been experienced, though. There are still medical devices running on Windows 95 and Windows 98.)
This also leaves the medical devices non-compliant with HIPAA technical requirements to secure devices with PHI. Would you like a multi-million-dollar fine with that? You could get it.
Here are just a few other types of devices that will be impacted if they are still running on, or controlled by, XP OS’s: ATM machines, utility grid controllers, government computing devices, military computing devices, security locks on doors/buildings, cloud services, and more.
What Kinds of Bad Things Could Happen?
NOTE: Clarification added in 3rd bullet on 4/3/2014. More to come in the next blog post.
There are many bad things that could result from discontinued XP support. Here are a few of them:
- As new exploits of the XP OS are discovered, your system and data will be vulnerable to viruses, spyware, data grabbing, and other nasty and new malware. And there will be no patches for the OS to protect against them.
- The creation of “zero day” malware is expected to increase, since the cyber thugs know no one will be fixing the OS any more. This could quickly bring down the XP machines, and potentially spread the viruses to all the other computers that they communicate with and to which they are attached.
- Continued business operations on XP devices could result in non-compliance with a wide range of regulations and legal requirements (e.g., HIPAA, GLBA, PCI-DSS, etc.) to keep computer systems secure, based upon your plans to upgrade, and the risks presented by the associated machine/XP system. Non-compliance can lead to costly fines, business penalties, bad publicity, and a completely ruined business brand and reputation.
Bottom line for all individuals and businesses…
Don’t be penny-wise and business-dollar-foolish, thinking it will cost too much to upgrade your XP system to a fully-supported OS. You are gambling with your data, your customers’ information, your business reputation and your income by doing so.
If you’re running Windows XP, support stops April 8, 2014. Upgrade to a new, supported OS now!
This post was written as part of the IBM for Midsize Business (http://Goo.gl/t3fgW) program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet. I’ve been compensated to contribute to this program, but the opinions expressed in this post are my own and don’t necessarily represent IBM’s positions, strategies or opinions.
Tags: awareness, compliance, cybersecurity, data protection, IBM, Information Security, infosec, midmarket, non-compliance, personal information identifier, personal information item, PI, PII, policies, privacy, privacy laws, privacy professor, privacyprof, Rebecca Herold, risk assessment, risk management, security, surveillance, training, upgrade, Windows XP, XP upgrade