A recent Kaspersky study found that 22% of PC users still run Windows 7, which reached its end-of-support period in January 2020.
To reach these conclusions, the company looked at anonymised OS metadata provided by the consenting Kaspersky Security Network user base.
Kaspersky said that while an operating system like this may seem fine on the surface, the risk comes from it being more susceptible to cyber-attacks due to no longer receiving important software updates.
The same goes for other operating systems – upon reaching the end-of-life cycle, any cyber security issues will remain unresolved, thus granting the attackers an opportunity to gain unauthorised access by capitalising on it.
Kaspersky’s position is to nudge all organisations towards upgrading to Windows 10 (Microsoft’s latest operating system).
The good news is that more than 72% of all users appear to be running it, with less than 1% of them running operating systems that are even older, such as Windows XP or Windows Vista.
According to Oliver Tavakoli, CTO at Vectra, using an outdated operating system like this is similar to driving a car with a brake light on.
Despite the risks that come with it, conveying the message to users remains a challenge.
Dirk Schrader from New Net Technologies added that when looking at public procurement policies at various government agencies, there is often a lack of contingencies for an outdated OS.
The mantra is to keep using it if it still works, despite the fact that added costs can crop up from forcing extensions on service support from the vendor.
In the event of a breach, a loss of reputation and a public backlash will follow.
John Hammond, senior security researcher at Huntress, noted that many production systems across several industries still run end-of-life operating systems and that the responsibility to upgrade them lies with the organisations themselves.