Tuesday, April 1, 2014

RIP, Microsoft XP: Don't Mourn, Just Migrate



XP support end of life, April 8th.




All good things come to an end, unfortunately. Microsoft’s XP operating system, with approximately 400 million systems still in use, will no longer be supported starting April 8, 2014.

Considering how much this has been in the news, this should not be a surprise to most companies. However, those that haven't yet made the transition may be in for a rude awakening. For companies that have not migrated to Windows 7 or 8, this transition will be expensive and complex. Because of this, you can expect to see XP in use for years to come.

However, companies that do not update will be staying on XP at their own risk, from both a security and a compliance standpoint.

1.   What does this end of life really mean?
Microsoft will no longer issue security updates for XP. 

2.   Why is this such a big deal?

The bad guys always look for the path of least resistance when they launch attacks. It is believed that hackers have hoarded a number of exploits that they will launch once the XP patches stop. Also, because XP shares code with newer versions of Windows, attackers will reverse engineer the patches that Microsoft releases for those newer versions to create exploits that also work on XP.

3.   If I only have one or two XP systems in my network, am I at risk?

Yes, especially if they are connected to a network that has access to the internet. One bad apple can ruin the basket. A hacker is just looking for a way into your network and that one XP system will be their key in.




When you upgrade you must consider the following:


1.   Will my current software run on Windows 8?

2.   What will it cost, in money and time, to upgrade my software to run on the newer platform?

3.   What will the cost be to train your staff?

4.   Will there be any downtime or loss of production?


These are expenses that many business people cannot afford immediately, but you must budget to upgrade your computer systems. The risk of having your sensitive data stolen is too great. And as we saw with the Target breach, your business may not store sensitive data, but if you communicate with another company that does, you may be at risk of a legal nightmare if a hack originates from your system.


Consider the following costs associated with a data breach:


1.   A forensic examination could cost from $150 to $275 per record stolen, or from $200 to $2,000 per hour if you have an outside firm handle the forensics.

2.   Notifying your customers could cost from $0.50 to $5.00 per customer.

3.   How will you handle the increase in customer service calls you will receive? Consider the extra labor hours and/or the cost to use a third-party call center.

4.   The cost to provide credit monitoring could be as high as $30 per customer.

5.   The cost of public relations could be as high as $214 per customer, according to a 2010 Ponemon study.

6.   The average legal defense cost could be $500,000 and the average settlement is $1 million.

7.   Consider the potential costs of regulatory proceedings, fines and penalties.

8.   After a breach, a company may be required to implement a Comprehensive Written Information Security Program.

View the entire article on Data Breach Costs here.

You be the judge. I think it is well worth it to migrate to Windows 8, no matter how much you love, or depend on, XP.
