Familiarity is the enemy of progress. Why get something new if what you have still meets your needs? That is the thinking among some Windows XP users who are resisting a migration to Windows 7 or 8.
The problem is on April 8 Microsoft officially pulled the plug on supporting the 13-year-old operating system. This means Microsoft, which stopped selling XP in 2008, is no longer sending out security patches for XP. And that should be a major concern for any XP user.
According to estimates, XP users remain a sizeable group, with as many as 500 million still latching on to their XP-loaded machines. Nearly one-third of all OS users – an estimated 28 percent – still rely on XP for their computing needs.
Those users should be worried. Because Microsoft no longer sends out security patches, the potential for a security breach is high. Patches address software vulnerabilities as they are discovered. Wily cyber criminals constantly look for new vulnerabilities that let them sneak into systems and networks to steal private user data and intellectual property. In recent years, cyber espionage has become a major concern for companies that have trade secrets to protect.
Security breaches can be devastating. They can cost millions of dollars in remediation, ruin a company’s reputation, invite lawsuits, and incur stiff penalties from regulatory agencies. Companies operating in the U.S. are subjected to a veritable web of federal and state data-privacy regulations. In addition, the European Community and various individual countries have data-protection laws that call for punitive fines if violated.
So while an organization may invoke expense as a reason for delaying migration from Windows XP, the results of a security incident resulting from the exploit of an unpatched OS may prove far more costly.
With that in mind, solution providers should be consulting with clients to make them aware of the potential risks associated with the failure to migrate. Walk them through the potential costs and liability of a security breach.
Some large companies may be planning to protect themselves through a Custom Support Agreement from Microsoft, but at $20 per user, the CSA can be a significant expense. But even with a CSA in place, it may be hard to protect against the more sophisticated threats, such as advanced persistent threats (APT) and targeted attacks, both of which zero in on specific organizations or departments to infect networks and steal data.
As trusted advisors, solution providers can play a key role here in making sure that familiarity with XP doesn’t impede progress – or worse, invite disaster.
What are Lenovo partners seeing in the market regarding migration from XP? Are your clients aware of the potential risks?