A Freedom of Information request has revealed that as of July, one in five of the computers being used daily by England's second largest police force are still running Windows XP.
The Greater Manchester Police force confirmed it was still running the obsolete OS on 1,518 PCs - equivalent to 20.3 per cent of its total office computers.
Running an older version of Microsoft's Windows operating system is never recommended because it can give hackers a clear advantage when it comes to gaining access to your PC. The company ended all official support for Windows XP in 2014 and any viruses, malware or exploits discovered by hackers since then have been left unpatched and pose a serious security risk.
Dr Steven Murdoch, a cyber-security expert at University College London, highlighted the potential risks of using an outdated OS, saying:
“Even if security vulnerabilities are identified in XP, Microsoft won't distribute patches in the same way it does for later releases of Windows. So if the [police's] Windows XP computers are exposed to the public internet, then that would be a serious concern. If they are isolated, that would be less of a worry – but the problem is still that if something gets into a secure network, it might spread. That is what happened in the NHS with the recent Wannacry outbreak.”
Wannacry affected computers worldwide and NHS had to cancel operations and appointments since many of its computers were inaccessible after the attack and those that were not were shut down to prevent the ransomware from spreading. Just imagine if the same scenario were to occur at a police station.
However, the Greater Manchester Police are addressing the issue and are currently taking steps to reduce their reliance on Windows XP. A spokeswoman for the department shed further light on the steps being taken to phase out the dated OS from everyday use, saying:
“The remaining XP machines are still in place to complex technical requirements from a small number of externally provided highly specialised applications. Work is well advanced to mitigate each of these special requirements within this calendar year, typically through the replacement or removal of the software applications in question.”
The news was quickly seized on by the wider security industry as a significant indicators that the police and wider public and private sectors need to join forces in order to reduce security vulnerabilities.
“The public sector is an increasingly popular target for cybercriminals. Its ample sensitive data provides large-scale opportunities to cause havoc, as was made evident this year with the WannaCry attack which targeted the NHS," commented Raj Samani, fellow and chief scientist at McAfee.
“It’s no secret that our public sector is grappling with significant budgeting challenges. On top of this, new strains of malware are being developed every day. It’s therefore essential that security remains a key priority, and that police forces ensure they’re looking to the most effective and efficient ways to secure their operations and data. From running the most up to date operating systems to ensuring all devices are protected against malware and ransomware, our public sector needs to be protected."
Image Credit: Yukiko Matsuoka / Flickr