By James Bynoe
CEO/Senior Cyber Security Consultant
WARRENS, Barbados -- The Caribbean Cyber Security Center has urged all Caribbean businesses, governments, and home users running the Microsoft Windows XP operating system (OS) to aggressively plan to upgrade from Windows XP, which is no longer being supported by Microsoft as of April 8, 2014.
So what exactly does that mean to you as a Windows XP business, government or home user?
It means that Microsoft will not be doing two key things needed to protect your Windows XP computer in today’s rapidly expanding cyber war being waged against the Caribbean by cyber criminals and hackers:
(1) Microsoft will not be providing any XP system or security updates which means that hackers and cyber-criminals will be able to compromise systems running Windows XP with growing ease; and
(2) if you have problems related to Windows XP, Microsoft will not be providing any free support as you will now have to pay Microsoft for extended support.
It was recently reported that the US Internal Revenue Service (IRS) who missed their April 8 deadline to upgrade their systems running Windows XP had to pay Microsoft millions for extended XP support. Microsoft XP extended support is being reported at an estimated cost of US$200 per system for the first year, which ironically is the approximate cost of upgrading to Windows 8.
In line with our Caribbean cyber security predictions for 2014
, Windows XP has been one of the most vulnerable operating systems for some time now, with known Windows XP enabled system breaches and compromises worldwide. Cyber criminals and hackers know the weaknesses in Windows XP and are expected to target Caribbean businesses and home computers running XP, as an easy operating system to hack and steal a wide range of business and personal data (bank account information, PINs, passwords etc.).
To Put it in Simpler Terms
If you found out that thousands of criminals worldwide (not just in Barbados) had the keys to your house and knew your house address (IP -- internet protocol -- address in this case), would you not change all the locks right away no questions asked?
The same thinking applies to upgrading from Windows XP as cyber criminals know all the security holes and vulnerabilities with Windows XP, and how to breach them within minutes to gain access to your business or home computer. As part of the cyber-crime process a country the size of Barbados can be easily scanned within a matter of hours for those running Windows XP who are connected to the internet, therefore it is not hard for cyber criminals and hackers to find your Windows XP system if it is connected to the internet.
Take this Windows XP Alert Seriously
Understanding that the Caribbean is in unprecedented economic times with smaller and smaller budgets on all fronts, it however remains critical that businessgovernment leaders and the average home user, understand that being “penny wise” and not upgrading from Windows XP is also being “pound foolish” as the cost of a system breach or data theft can be 100 times more than simply upgrading your system.
The Caribbean Windows XP Critical Infrastructure Concern
Critical infrastructure is the backbone of our regional economy, security and health. We know it as the power we use in our homes, the water we drink, the communication systems we rely on to stay in touch with business partners, friends and family. Additionally it includes the supporting IT assets, systems, and networks, so vital to our region that their incapacitation would have a debilitating effect on security, national economic security. It is estimated that many critical infrastructure systems in the Caribbean may still have critical functions and applications running on Windows XP, therefore it is critical that regional governments migrate these systems from Windows XP upgrade as soon as possible.
The risk accepted by any regional critical infrastructure system owner running Windows XP prior to April 8, 2014, had now significantly changed to a much higher risk profile.
So what MUST you do?
If having available funds to upgrade from Windows XP to Windows 7 or 8 is a challenge at the very minimum as a short term measure you should update your Windows XP system or systems to the latest service pack (which is service pack 3), and ensure that all previously released system and security updates are applies. However, at the first opportunity you should upgrade to Windows 7 or 8.
All security experts agree that Windows XP users should take extra special caution when storing their most sensitive information on their PCs -- such as banking and credit card data. At the very most, do not store sensitive information in documents or plain text files. This type of information should always be encrypted in order to help mitigate risk.
For those with the financial resources extended support for Windows XP is available but estimated to cost approximately US$200 per system for the first year as previously stated. Although this may seem expensive, it pales in comparison to the likely costs of recovery or harm to brand reputation after an XP-enabled security incident occurs. Additionally as with all computers always make sure you are running a legitimate anti-virus, malware, and spyware program that is routinely updated.
In some cases the potential business or government reputational damage that can occur as the result of a Windows XP enabled breach can be significant, costly, and extremely hard to recovery from. The last thing we in the region need right now is for investors to question our decision making abilities asking the question, “why did they not upgrade from Windows XP to prevent that network breach and data theft”. Simply saying you were “keeping IT cost down” or “it was not in the budget” which unfortunately is a common post security incident response from many IT manager, will not be a smart answer however you look at it.
At the end of the day it is critical that you upgrade your Windows XP system or systems to a supported Microsoft Windows operating system Windows 7 or 8, and apply all the available system and security updates. Don’t be penny wise and pound foolish as the Caribbean has been targeted and is under cyber-attack.
Cyber criminals and hackers are using our low regional level of cyber security awareness against us, which is why the Caribbean Cyber Security Center is doing its part to raise the overall level of cyber security awareness across the region.