At one point or another, we’ve all been blindsided by news that has literally changed our lives. Though we’re often left momentarily stunned, it’s imperative to figure out how to adjust and carry on. It’s not always easy, but you know the expression – where there’s a will, there’s a way.
However, the discontinuation of support for Windows XP is not news that should take anyone by surprise, as its April 8, 2014 retirement date was officially announced almost a full year ago. Cyber criminals surely have the date circled on their calendars, as the security risks posed to the numerous users and enterprises still using Windows XP beyond that date have been well documented. Recently, these risks have become both more prominent and dangerous. ZDNet reports that, using a form of malware called Backdoor.Ploutus, hackers are starting to remotely access a portion of the 95 percent of ATMs in the United States still using the soon-to-be deceased operating system (OS). “By simply sending a text message to the compromised system, hackers can control the ATM, walk up to it, and collect dispensed cash.” Clearly, this is a major cause for concern.
And it’s not exactly as if Microsoft has been trying to sweep the retirement of XP under the rug, either. In addition tosending pop-up dialog boxes encouraging users of the 488 million systems still using XP to upgrade to another Microsoft OS, the corporation even went so far as to recruit tech-savvy friends and family to help “old holdouts” make the transition. Unfortunately, the results have been lackluster. HelpNetSecurity reports that many users call these efforts a “poorly disguised sales pitch,” and, according to The Indian Express, as of February 25, 2014, 16 percent of large enterprises were still stuck on the old OS. What will it take to convince them to upgrade to newer, more secure operating systems?
Making the Migration from Windows XP
Tim Green of Network World put it bluntly, yet eloquently, “If you haven’t retired Windows XP and you haven’t been fired, get busy.” CIOs know that migration is far from a simple or quick process, and Green correctly observes that the larger the enterprise, the longer the migration to a newer OS will be. As Gregg Keiser of Computerworld explains, “If every PC sold in the next 12 months was one designed to replace an existing Windows XP system, it would take more than a year and a half – about 20 months – to eradicate XP.” Essentially, it boils down to this: getting end users and enterprises to make the OS switch will take some time, but it is a necessary evil.
The good news is there are some steps that can be taken to minimize the mobile security threats inherent to XP while that migration is taking place. For example, as Green observes, Network Access Control (NAC) will play an important role in “isolating XP machines on corporate networks and limiting what devices they can communicate with.” Securing these endpoints with a centrally managed remote access security solution is essential to safeguard against data breaches, especially for organizations with a BYOD policy in place. That’s because IT administrators can easily adjust network access settings for XP device users and revoke access in case of a breach. IT can also ensure that a device using the discontinued OS has the required antivirus and anti-malware programs or otherwise, place it within a quarantine zone until the OS or security software is updated. With the proper precautions, IT may even be able to remotely wipe the compromised devices.
Mobile Security in the post-XP World
In the end, though, it’s worth noting that best practices for secure remote access should not come to a screeching halt once the migration to a newer OS has been completed. Today’s increasingly skilled hackers will continue to exploit every potential security flaw they can identify, including devices using newer OSs, such as Windows 8, for example, to insecurely connect to a corporate network. Using a VPN is a tried and true way to ensure communications between corporate networks and end devices are protected via an encrypted tunnel, making it substantially more difficult for cyber criminals to intercept or manipulate the data being shared. The retirement of Windows XP marks the end of an era, but it also presents enterprises with a chance to fortify their mobile security strategies. Will your organization seize this opportunity?