If it ain’t broke, don’t fix it. But are organisations that are running Windows XP aware of the risks when using a 12-year-old operating system? Ken Wye Saw, Chairman of ICT & New Technologies, Singapore Manufacturing Federation, and CEO of CrimsonLogic, speaks to Futures about the importance of organisations to keep their IT resources current.
Many organisations still have computers and servers running on Windows XP. “Government departments and big enterprises have long purchasing cycles, so it is common to still see many XP machines. Unless they plan a technology refresh a year before, it is challenging for them to react quickly,” says Saw.
The proliferation of XP continued even after Microsoft launched new operating systems such as Vista, Windows 7 and its latest, Windows 8. There are many cases of users downgrading new computers to XP due to application compatibility.
“Sometimes, government departments are required to conform to XP because the security layer on top of its standard operating environment is running on XP,” explains Saw.
XP’s usability is also one of the reasons why many enterprises have been procrastinating an update. “XP is a very comfortable operating system to use, which explains why it is so popular. Many organisations do not see the need to update their computers and servers because they are still working well.”
These organisations might not be aware of the risks and vulnerabilities of staying on XP. 8 April, Microsoft no longer provide security updates for Windows XP.
Without critical security updates, computers will be vulnerable to harmful viruses, spyware and other malicious software. “If these PCs do not have good anti-virus protection, or if they are connected to the Internet, the security risks are greater. It is a disaster waiting to happen,” says Saw.
The three key areas of security and privacy – confidentiality, integrity and availability – can be compromised. An attacker or hacker can attempt to access, read and change data or bring down the system.
“Governments should be particularly concerned about these risks – such as unauthorised access to data, information leaks, web site defacement or loss of national infrastructure,” he says.
Saw sees this as a good opportunity for organisations to update their IT hardware as well, which will put them in a much better position to ensure the robustness of their systems going forward.
“Window XP, built over a decade ago, was architected for a world three or five years from that time. It was not designed for today’s interconnected world, where security threats have evolved so much,” he comments.
“Overall, it is critical for organisations to stay current and have a clear technology refresh policy. You need to plan for such upgrades, don’t let it sneak up on you,” concludes Saw.
Report: Kelly Ng