Why 'If it Ain't Broke, Don't Fix it' is Bad Advice for End-of-Life

Written by Sam Jones
Mar 3, 2021 - 4 minute read

Nothing lasts forever, and that couldn’t be more true of operating systems. If you're on end-of-life OS you could be putting your business at risk...

Download Free Small Cyber Security Infographic

Nothing lasts forever, and that couldn’t be more true of operating systems. If you or your business is still using an end-of-life operating system, you could be at risk of cyber attack. 





What is an End-of-Life operating system?

An end-of-life or end-of-support operating system is, simply, one which is no longer supported by the developer it came from. This means that these operating systems will no longer receive security updates, patches or bug fixes and technical support is no longer provided. 

 

You might be thinking, what’s the issue here? The software still works and you’re used to it - it gets the job done. 

 

The problem is that continuing to use end-of-life operating systems can cause serious issues in terms of cybersecurity. An unmaintained operating system poses several security vulnerabilities - ones that threat actors will be all too quick to take advantage of - which can lead to successful cyber attacks on your business.

 

Why would a business stay with an old operating system?

There’s a few possible reasons businesses may not be transitioning from outdated platforms and software. A lot of smaller companies might be tight on budget and looking to save costs by not investing in the latest OS or software. Others might be going by the popular saying’s advice “if it ain’t broke don’t fix it” - things work as they are so they’ll just wait until it fails before they do something about it. 

 

julia-joppien-XFUqd0u5U7w-unsplash

 

Even if a business plans to move to an updated OS, migration can take some time, especially if you’re not sure what solution is right for you. However, software developers will usually warn users several times before an operating system is about to enter the end-of-life stage of its lifecycle and will require upgrading. It’s, therefore, a good idea as a business to keep an eye out for these notifications so you can make the necessary preparations in advance and avoid a period of time where your systems may be vulnerable.

 

What are the main issues with continuing to use End-of-Life OS?

 

Security

Holding onto end-of-life software and operating systems means any holes in security are not getting filled, leaving you vulnerable to cyber attack.

 

Incompatibility

Businesses may be reluctant to upgrade OS because they want to keep using legacy applications. This only exposes you to more security issues however, as it’s the updated versions (unsupported by your end-of-life operating system) which are more secure.

 

Compliance

You could be putting the sensitive data you deal with at risk by using it on outdated systems and applications. 

 

Poor performance and reliability

Aged software will likely function much worse in terms of performance, making day to day tasks difficult to get done with applications crashing and work potentially getting lost. 

 

Is this a real security threat to me?

There have been plenty of notable cyber attacks on businesses that have been due to or made worse by outdated operating systems. For example, the infamous WannaCry attack in 2017 which exploited bugs in outdated Microsoft Windows operating systems like Windows XP. Windows XP reached its end-of-life back in 2014 so Microsoft had to act quickly by releasing a patch to fix this. 

 

WannaCry affected computer systems in 150 countries with the NHS in the UK being seriously affected, but this could have been avoided had users not been using end-of-life operating systems. 

 

pexels-george-morina-5038984-min

 

The financial costs estimated for the NHS from the attack were around £92 million, not to mention the healthcare that didn’t reach those who needed it because of business interruption. It goes to show how damaging end-of life operating systems can be for your security - so why risk it?

 

It’s worth bearing in mind that you should also consider the third-party vendors and suppliers that your business works with. If they are still using obsolete software or operating systems, they can quickly put your business’ important data at risk. 

 

Conclusion 

It is vital for operating systems to be kept up-to-date in order to keep your business safe and this is why it’s a key requirement of the Cyber Essentials certification. The costs you could be dealing with by sticking to your old systems far outweigh the costs of upgrading.

 

Like anything, proper forward-planning can help you organise your budgets and be prepared for when updates are rolled out, so you can keep on top of your cybersecurity, and remember your MSP is also there to help advise and make these changes smooth and straightforward.

Topics: IT, Business Security, Cyber Security

author

More by Sam Jones

Related articles
Why Your Size Does Matter: Hacking Myths That Put SMEs at Risk"

Think your SME is too small to be hacked? Discover why size does matter when it comes to cyber threats and how to protect your business from Hacking.

Monthly Cyber Compliance: The Hackers’ Worst Nightmare!

Stay ahead of cyber threats with monthly vulnerability assessments and penetration testing to identify and fix weaknesses, ensuring a robust and secure network.

MFA - Why Your Second Factor Might Be as Weak as Your First!

Why phishing-resistant MFA is crucial for modern cybersecurity and how to choose the best MFA to defend against phishing attacks and protect sensitive data.