You may have heard that running Windows XP or Windows Server 2003 after Microsoft stopped supporting them is a dangerous idea, but do you understand why it’s so dangerous?
Let’s get real!!
“... But you can’t sunset this system... it only runs on Windows XP.”
“The new system doesn’t do everything the old system did... so we need to keep it alive forever.”
If your organization is running any Windows OS that is no longer supported by Microsoft, every Patch Tuesday exposes those systems to possible further vulnerabilities that can only be addressed by workarounds and/or extra work by the IT and IT Security teams. Hackers review the release notes from Microsoft related to the vulnerabilities it is fixing. They then look at the code of the unsupported Windows OS to determine whether that vulnerability exists there as well. If it does (a lot of the Microsoft code is shared across all versions), they then have a way to exploit these vulnerabilities with no code-based fix coming from Microsoft ever!!
The truth is, making technology work and stay working is multifaceted and complex. This complexity, coupled with hesitance toward change and new technology, can make IT security very difficult. While technology changes, company budgets for this area do not. These factors make it harder to detect, respond to and mitigate vulnerabilities at a proactive level.
With education and understanding of the threats and risks at all levels of the organization, support for these changes will increase. A change in workflow can be a difficult and uncomfortable prospect for some employees. Creating a security education program and enlisting the help of “Security Ambassadors” (members of the business who are interested in IT Security) is very helpful. These Security Ambassadors can help with education, training and bringing awareness to their own departments. This helps make the message a little more meaningful and personal, and in turn makes the change a little more acceptable.