There’s no good time for operating systems to reach the end of their days, but the COVID-19 crisis presents an especially disruptive backdrop for the recent end of support for Windows 7 and impending retirement of Office 2010. With the rapid transformation of traditional work environments and new opportunities for threat actors, the pressure is on to protect sensitive data and beef up the IT infrastructure.
“Microsoft made a 10-year commitment to support these products when they were first released, so there’s nothing surprising about Windows 7 and Office 2010 reaching the end of their lives,” says Michael Ball, founder and Virtual Chief Information Security Officer for Team CISO. “The only real surprise is that so many people don’t understand how it will impact their businesses and organizations.”
Challenges Around Unsupported Software
A failure to appreciate the implications of unsupported software is unsettling in many respects, especially considering advice from the Canadian Centre for Cyber Security that the entire IT hierarchy, from management to client, must take every precaution during the COVID-19 pandemic. One explanation for what seems like widespread apathy is that nothing dramatic happens when software reaches the end of its life. Computers keep working, programs keep running, and emails continue to funnel in. The downside, however, is something England’s National Health Service (NHS) learned the hard way in 2017 when WannaCry ransomware disrupted service and cancelled thousands of medical appointments. Post-attack assessments attributed the vulnerability of the NHS’s operating system to unsupported software and a failure to upgrade.
“Unsupported software is a recognized security risk, but a major migration is labour intensive, costly and disruptive,” says Jason Falbo, Chief Technology Officer at Mircom, one of the fastest-growing companies in Canada in the intelligent building and life safety solutions sector. “Sometimes it takes a crisis to provoke change.”
In Mircom’s case, the crisis came in the form of a failing grade on a 2019 security assessment. It would have been easy to do some minor upgrades and call it a day, but Falbo knew that wouldn’t address the deeper need for heightened security. Instead of a quick fix, he committed to a dramatically increased deployment of digital tools, replacing a hodgepodge of on-premise hardware, software and servers with Windows 10 and Microsoft 365 Apps.
Charting a New Course
In a remarkably short time, digital transformation has had a significant impact on Mircom’s mobility and improved the company’s internal collaboration. Teams now have secure access to systems from any device, wherever they are, and an online ticketing program handles requests for IT support. With everything hosted in the cloud, data is well backed up, easily transferable, and readily available in real time. Two-factor authentication (2FA) brings peace of mind by using an extra layer of security to confirm the rightful ownership of online accounts.
“The modern desktop comes with significant upgrades,” says Ball. “There is still value added from reputation-based products, such as Norton, but Windows 10 and Microsoft 365 Apps come with their own strong security features.”
Ball describes automatic updates as another improvement from a security perspective. “Only a few years ago, desktops were heavy with locally installed apps and tools,” he says. “Users turned off the updates rather than deal with regular interruptions. The modern desktop relieves the worry about missing patches and end-of-software support because apps run in the cloud and install their own updates.”
As the volume of data continues to grow, complying with data security and privacy regulations has become significantly more complex. Businesses are required to retain certain content for a defined period of time and delete this content permanently at the end of the prescribed retention period. Other mandated responsibilities cover adding names to a mailing list and issuing prompt notifications when personal data is breached.
In order to facilitate compliance, Microsoft 365 includes built-in capabilities to help with regulations that govern the archiving, retention, disposition, classification, and discovery of data. Users can assess their compliance risk and improve data protection with Compliance Manager, and get in-depth information around data protection compliance in Service Trust Portal. These new features address the complexity of executing compliance workflows and reduce the risk of infractions related to anti-spam legislation and Canada’s Digital Privacy Act and Personal Information Protection and Electronic Documents Act.
From a suite of security tools that reduce the risk of a major security breach to the ability to restore OneDrive to an earlier point in time within the last 30 days, there’s obviously much to gain from making the move to a modern desktop. The key is to think of the end of support for Windows 7 and Office 2010 as an opportunity to move to a comprehensive, cloud-based security solution that, according to a recent Forrester study, reduces the risk of a breach by 40 per cent, and the number of end user security incidents by 20 per cent.
“The end of support for these products is a catalyst for change and it’s a change that’s absolutely critical given the modern cyber threatscape,” says Corey Cox, Vice-President of Information Systems for Tandet Group, a diversified investment company with a focus on the transportation sector. “Regrettably, cybersecurity is a constant concern and we must rely on products and training related to malware, ransomware and other malicious cyber attacks.”
As the IT leader for a sector driven by data, Cox sees the cloud-based modern desktop as an essential piece of a proactive cybersecurity strategy. “Windows 10 and Microsoft 365 Apps come with multiple layers of threat detection that look for suspicious behaviour in code,” he explains. “These layers have to run in the cloud in order to assess threats in all of an organization’s machines and escalate problems to IT. If you’re not in the cloud, you can’t achieve that level of sophistication and you can’t ensure the safety of your greatest asset.”
For Brad Anderson, Corporate Vice President for Microsoft 365, creating a culture of security is one of the biggest first steps in cyber defence. “Employees are the greatest security risk, but they are also the greatest strength in an organization,” he says. “Training them to identify threats is paramount to any successful cybersecurity protocol.”
With Windows 7 now at the end of support, Anderson advises small- and medium-sized businesses to make the move to a modern desktop and familiarize workers with Microsoft 365’s mobile application management tools and security features, such as multi-factor authentication, encryption, and sophisticated protection from phishing and ransomware.
“Deploying modern technology and managing it in a modern way is the only viable defence against cybersecurity adversaries,” says Anderson. “Why make it easy for hackers and other bad actors by using obsolete software?”