Lack of XP Security Creates Potential Impending Doom
Effective April 8, 2014, Microsoft will stop supporting its XP operating system and displace hundreds of thousands of users who still use the software for work, school, and home activities. That wouldn’t be much of a concern if we lived in a hacker-free society. The sad truth of the matter is that we’re under virtual attack every hour of every day, and security experts have warned of an impending attack, as a result.
What’s at Stake?
According to the Federal Financial Institutions Examination Council (FFIEC), all XP-using financial institutions are warned that the discontinuation of support for Microsoft Windows XP could present operational risks to financial institutions, technology service providers, and third-party support organizations. As of April 8, 2014, Microsoft will no longer provide regular security patches, technical assistance, or support for the XP operating system. FFIEC members include the Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, National Credit Union Administration, Office of the Comptroller of the Currency, Consumer Financial Protection Bureau, and the State Liaison Committee.
Further complicating the issue is the network of devices that are dependent upon an XP-enabled machine. Any device that runs an XP application, even a remotely hosted XP application, is equally vulnerable; giving hackers the opportunity to steal thousands to hundreds of thousands of dollars the day after Microsoft ceases support. Compromised intellectual property, missing records and even identity theft are just some of the proposed dangers predicted to occur soon after the purported doomsday.
Proposed Solutions and Consequences of Non-Compliance
Institutions that own or operate ATMs and associated devices or technologies are cautioned to upgrade and improve current security measures as well. Appropriate measures may involve upgrading to other platforms and/or adding on additional security layers. moving to Windows 7, replacing core processors, adding memory or even full ATM replacements may be in order.Failing to follow the recommended course of action opens another risk that is less concerned with security and more occupied with compliance. A financial institution that’s vulnerable to hack attacks will be non-compliant with PCI (Payment Card Industry) guidelines and face potential federal fines. These guidelines enforce the use of relevant updates, upgrades and patches. Ignored, they could cost an institution up to a $100,000 each month.There is evidence of resistance despite the lingering threat. For some, the migration to higher-end operating systems is too difficult and too costly. But experts say the move is obligatory – especially in the face of this pending disaster. In addition, they caution that this is no Y2K scare. Where the Y2K scare was an infantile and unwarranted response compared to what we know about computers today, this threat is real and its full implications are simply not known.