The support deadline for Windows XP is long gone and if you have chosen not to pay for extended support, your business is potentially at risk from a whole host of malicious things. But don't say you weren't warned. In some ways, the 8 April deadline turned into the new Y2K bug, with a lot of media attention and many organisations blinded by panic. But unlike the Y2K bug, the threat hasn't disappeared because the deadline has come and gone and your computers are - presumably - still working. If you're still running XP, the threats remain very much alive unless you take safeguarding measures.
Yet, according to recent AppSense-commissioned research, two thirds of organisations won't pay for extended security support for XP, despite an average of 13 per cent of computers within UK organisations expected to continue running XP long after April 2014. This research also revealed that only 3.5 per cent of overall budgets will be spent on security to support XP, despite the considerable amount of security risks associated with the lapsing support.
Also, perhaps most worryingly, 70 per cent of businesses are either not very or not at all concerned about security after the end of support. These figures highlight a real lack of concern from organisations towards security and the XP issue.
To reduce the security risks for organisations, in January, Microsoft announced that it will continue to provide basic cybersecurity to XP users until July 2015. However, our research showed that less than one fifth of IT decision makers are convinced that this will make a difference to their situation.
This uncertainty can be associated with a number of factors. These can include a lack of awareness of the risks that the absence of security brings, leaving organisations vulnerable, or even something as simple as the cost associated with extending security and protection. It means that businesses are potentially putting themselves at risk needlessly. By failing to invest in appropriate security to support XP, and by not realising the risks associated with the continuing use of the unsupported operating system, organisations are creating potentially weak links, leaving themselves open to new vulnerabilities and exploits.
Even when looking towards the future, less than a third of UK businesses admitted that they were planning on increasing their security measures ahead of the XP uncertainty, with 40 per cent of IT leaders refusing to increase their security ahead of their migration or extended use.
But it's not all doom and gloom. The research revealed that 84 per cent of IT decision makers plan to migrate from their XP operating system within the next year. But organisations should resist the urge to rush the migration process. Migration is not a standard protocol, and every case is different. It needs a carefully planned and measured approach, and IT departments should seek advice and plan to migrate in a way that works for them.
Looking ahead, IT departments need to secure their systems from the potential security risks associated with continued use of Windows XP. It is important that the IT department invests in proper planning and the right toolset to protect itself.
There are many options available to secure XP systems in the short- to medium-term, so organisations can protect themselves against unknown, as-well-as known threats, whilst comprehensive migration plans are created and executed. This approach can ensure there is no lack in productivity or major disruption to operations. There are also many choices and technologies available that not only secure, but also speed up the migration process.
Although the deadline for support has now passed, it is not too late to get things back on track. By implementing safeguarding measures, IT departments can better prepare themselves from the threats that the end of support brings. If you're still running XP, you're going to have to get off it at some stage, but you'd better make sure you protect yourself; because nothing will set you back quite like a security breach halfway through the migration process.
Simon Townsend is the chief technologist of AppSense EMEA