Virtualization Technology News and Information
Preparing for the end of Windows 7 and the onset of new ransomware

Written by John Abel, CIO, Veritas

Over the past few years we have seen ransomware sink its claws into just about everything - from personal computers to public sector records. And soon enough, we might get another wave of ransomware attacks when Windows 7 reaches its end of life on January 14, 2020.

Studies are finding that 26 percent of PCs are expected to still be running the Microsoft software after support for patches and bug fixes ends, which can leave these devices vulnerable to attack. This shouldn't be news to those organizations running Windows 7 - Microsoft ended mainstream support in 2015 and gave users five years to ready themselves for the software to reach end of life. And you can bet attackers are counting down the days too. Any person or business still utilizing the OS should be aware of the upcoming end of life and adapt their IT systems to safeguard themselves against ransomware risk, which we have seen be particularly disruptive to businesses.

When the WannaCry virus hit PCs in 2017, Europol estimated that 200,000 devices in 150 countries running older, unsupported software became infected with the cryptoworm. Although the ransom payment was quite low at just $130,000, businesses felt a heavier impact, losing billions of dollars' worth of productivity, data, and corrupted hardware.

WannaCry was a clear example of the dangers that businesses can face when they are using software that has reached end of life. This type of ransomware attack tends to have a disproportionate effect on organizations that can afford ransoms least - for example, we saw high-profile attacks on public sector agencies in 2017. So, it's critical for those running Windows 7 to act now and put plans in place to ensure they are able to protect themselves. Organizations need to understand their data and make sure that information is being stored in the right place where it can be protected and made available when needed.

If you're still running Windows 7, it is imperative to prepare your organization to avoid the impact that vulnerability to ransomware could have on it.

Here are five tips that can help navigate the challenge:

  • Educate employees: The biggest risk to data is an employee saving it to unprotected locations. Ensure that users are following best practices for data storage so that data can be properly secured. Saving valuable data to centralized servers, data centers or to the cloud can help reduce risk.
  • Evaluate risk by understanding your data: For enterprises, insight software solutions can help to identify where key data lives and ensure that it complies with company policies and industry regulations. This is critical not only to identify the challenges but also to prioritize the recovery process.
  • Consider a software upgrade: This might not be realistic for the short term, but should be considered going forward as a longer-term strategy. For enterprises, the most sensible solution might be simply to upgrade to an operating system that has ongoing support.
  • Run patches while you can: According to the Ponemon Institute, 60 percent of respondents who experienced data breaches did not make good use of the patches that were available to them. Businesses should at least make sure they are as up-to-date as they can be, while they can. Users will also be able to buy "ESUs" from Microsoft to access patches during their migration to newer software.
  • Ensure data is backed up: Ransomware relies on the idea that paying a ransom is going to be the only or cheapest way to regain access to your data, yet research shows that fewer than half of those who pay up are actually able to recover their data from cyber criminals. Veritas advocates the "3-2-1 rule" where data owners have three copies of their data, two of which are on different storage media and one that is air gapped in an offsite location. With an air-gapped data backup solution, businesses have the safer and more reliable option of simply restoring their data.

As we inch closer to the January 14 timeline, it's critical for organizations to make use of the limited time they have left to prepare for Windows 7 end of life. With all of the tools and services available to ensure data is properly backed up and secured, your organization will be protected if ransomware comes calling.


About the Author

John Abel

John Abel is SVP and Chief Information Officer (CIO) at Veritas. In this role, he is responsible for leading and transforming the Information Technology function for Veritas, including its infrastructure, systems, processes, and security.

Throughout his career, Abel has led a number of transformations of the IT business function, with an excellent record of achieving business results by developing strong business relationships, building high quality teams, and providing best-in-class services.

Abel holds a bachelor's degree in Information Systems from Staffordshire University in the United Kingdom.

Published Tuesday, January 07, 2020 7:32 AM by David Marshall