There is a relatively old—though still fundamentally true—adage about Windows: Microsoft’s biggest competition is Microsoft, as a specific subset of users (and businesses) only upgrade to the latest version of Windows kicking and screaming. According to SpiceWorks’ Future of Network and Endpoint Security report, published Tuesday, 32% of organizations still have at least one Windows XP device connected to their network, despite extended support for XP ending in 2014. (Notably, the last variant of XP, Windows POSReady 2009, reached end of life in April 2019.)
With the looming end of free support for Windows 7, this reticence of users and enterprises to upgrade to newer versions of Windows is likely to create significant security issues. Presently, 79% of organizations still have at least one Windows 7 system on their network, according to SpiceWorks, which also found that two thirds of businesses plan to migrate all of their machines off Windows 7 prior to the end of support on January 14, 2020, while a quarter will only migrate after that deadline.
SEE: How to choose between Windows, macOS, and Linux (free PDF) (TechRepublic)
Separately, a Gartner market forecast from April forecasted that only 75% of professional PCs will be on Windows 10 by 2021. Leaving margins for Apple users, still-in-support instances of Windows 8.1, and professional adoption of Linux on the desktop, this leaves a healthy amount of unprotected Windows 7 and XP users potentially susceptible to zero-day attacks like WannaCry, unless—as in that scenario—Microsoft comes to the rescue of users of unsupported Windows versions to prevent their assimilation into a botnet.
Zero-day attacks were the second-most cited concern among IT decision makers, according to SpiceWorks, with 18% of respondents citing that as their primary concern. Insider data leaks were the most cited, at 27%, while attacks on IoT devices was third (17%), followed by supply-chain attacks (15%), DDoS attacks (15%), and cryptojacking (15%). Fewer than 20% of respondents indicated their business was “completely prepared” for common security threats.
Considering the risks that accompany unsupported software generally, and the larger attack surface that results from an unsupported (or otherwise unpatched) operating system, there is a relative lack of urgency to migrate from Windows 7. Certainly, while paid support for volume licenses is a possibility for some, smaller organizations ineligible for volume licensing will be left out in the cold. To date, Microsoft has shown no signs of wavering in their intent to grant a reprieve to the remaining users of Windows 7. Without a major shift, or a reprieve from Redmond, the prospect of unpatched, internet-connected systems is fertile ground for botnet creation.
For more, check out “PC shipments grew in Q2, fueled by tariff concerns and Windows 7 migrations” and “South Korean government planning Linux migration as Windows 7 support ends” on TechRepublic.