Kollective’s research found that 40% of businesses in the US and 66% of UK businesses still have devices running Windows 7. Those that remain on Windows 7 past January 14, 2020 will either have to pay Microsoft significant sums for extended support or will leave their systems open to cyberattack. In the case of those largest enterprises, with 10,000 or more devices, the fee to Microsoft could be in excess of $1.4m a year.
Commenting on the operating system reaching ‘end of life’, Dan Vetras, CEO of Kollective, said: “With Windows 7 now dead, these findings should be a major cause for concern within the enterprise. With many businesses missing the deadline to migrate to Windows 10, there could be some shocks in store as we go into the new year.
Those unprepared will potentially need to pay millions of dollars a year for extended support – but this is just the first step. Once businesses have migrated to Windows 10, they will need to continuously update their systems as part of Microsoft’s new ‘Windows as a Service’ model.
This means distributing increasingly frequent updates across their systems, more roll outs and more network congestion – something many IT departments will find impossible due to outdated infrastructure. If businesses fail to keep up with this rapid pace of change, they put themselves at serious risk of cyberattack.
With the deadline now passed, future proofing organisations for Windows 10 and future ‘as a service’ operating systems should be a number one priority – not just for IT teams, but for business leaders everywhere.”
To overcome the security concerns, Kollective recommends the use of an enterprise content delivery network (ECDN) to distribute the Windows 10 upgrade immediately and at scale.
Jon O’Connor, Solution Architect at Kollective, commented: “It took many businesses up to three years to move from XP to Windows 7 and we can expect a similar timeline for the move to Windows 10. While a lot of companies have migrated the majority of their systems away from Windows 7, being “almost there” isn’t good enough.
It only takes a handful of unsecured devices to launch a full-scale cyber-attack, so having even one or two Windows 7 PCs on your network could pose a serious risk. IT teams need to know for certain that every single device on their networks is off of Windows 7 — but the reality is that most simply don’t know.
While our best suggestion is to allow updates to roll out automatically, many businesses simply do not have the network infrastructure needed to achieve this. Instead, companies should be investigating solutions that quickly and effectively migrate their systems with minimum disruption to the wider business. Our recommendation is the installation of an enterprise content delivery network (ECDN) to help distribute the Windows 10 update immediately and at scale to those last remaining PCs.”
David Emm, Principal Security Researcher at Kaspersky said, "Since no security updates will be generally available after today, anyone who continues to use Windows 7 will be putting themselves at risk. Every vulnerability found will become a zero-day vulnerability - i.e., one for which no patch is available. We recommend that people move to a supported operating system as soon as possible - which would be Windows 10, in the case of Microsoft. Research we undertook in August 2019 indicated that more than a third of consumers still run Windows 7: these people need to be aware of the risks of using outdated software - and update their operating system immediately."
Databarracks’ managing director Peter Groucutt commented: “On the 14th of January, support for Windows 7 ends and when a well-loved operating system reaches end of life, we like to mark the occasion. Five years ago, when Windows Server 2003 was retired we launched it into space. For Windows 7, we opted for a Viking funeral.
“It’s a bit of fun, but there’s a serious message we want to highlight. Staying up to date with operating systems and patching is the simplest and most important security practice to follow. There are countless examples of cyber-attacks and breaches that could have been avoided simply by staying on top of important software updates.
“This is a concern for businesses and consumers alike. GCHQ has warned the public not to email or do online banking using Windows 7 PCs. Businesses simply can’t afford to use legacy operating systems. Keeping devices and software up to data is one of the 5 pillars of the NCSC’s Cyber Essentials scheme and is a requirement for the certification."