As Ransomware Attacks Spike, Organizations Need to Catch UpUse of Outdated Operating Systems Remains Widespread, Says ESET's Mark James
The latest operating systems provide better security than ever. But as the WannaCry outbreak demonstrated, many devices still run older, no longer supported operating systems, and many organizations and individuals became malware victims, in part, because of their reliance on those outdated systems.
See Also: Attivo Deception MITRE Shield Mapping
Whose fault is that? "When you've got something which seems to be doing its job, exactly as it needs to do, to have to just upgrade it, because the embedded operating system is old, or the integration into new systems is possibly ... outdated, it would seem to be a waste of funds," says security firm ESET's Mark James (see No-Brainer Ransomware Defenses).
Britain's National Health Service, for example, was hit hard by the WannaCry outbreak, and some infections were tied to an ancient operating system, in some cases running in equipment that could not be updated (see NHS Denies Widespread Windows XP Use).
But hospitals have difficult funding decisions to make, especially if a piece of equipment with an embedded - and potentially outdated - operating system could still function well, diagnostically speaking, for another decade or more.
In a video interview at the recent Infosecurity Europe conference in London, James details these challenges, as well as:
- The need - and push by Microsoft - to move Windows users to the latest version of the operation system;
- The challenge of defending against opportunistic malware and phishing attacks;
- The imperative to stop blaming users for security failures.
James is an IT security specialist for ESET UK. He has worked at the company since 1999. Prior to his current role, he was the technical team leader, managing the help desk team that offers technical support to customers. He has been working in the IT industry for 25 years and has held many roles, covering such domains as network management, infrastructure systems design and integration.