
Reading Time: ~ 2 min.
Our 2020 Threat Report
shows increasing risks for businesses and consumers still running Windows 7, which
ceased
updates, support and patches earlier this year. This creates security gaps
that hackers are all too eager to exploit. In fact, according to the report, malware
targeting Windows 7 increased by 125%. And 10% of consumers and 25% of business
PCs are still using it.
Webroot Security Analyst Tyler
Moffitt points out that a violation due to a data breach could cost a business $50
per customer per record. “For one Excel spreadsheet with 100 lines of records,
that would be $50,000.” Compare that with the cost of a new workstation that
comes pre-installed with Windows 10 at around $500, and you quickly realize the
cost savings that comes with offloading your historic OS.
Windows 10 also has the added
advantage of running automatic updates, which reduces the likelihood of
neglecting software patches and security updates. Continuing to run Windows 7
effectively more than doubles the risk of getting malware because hackers scan
for old environments to find vulnerable targets. Making matters worse, malware
will often move laterally like a worm until it finds a Windows 7 machine to
easily infect. And in a time when scams
are on the rise, this simple OS switch will ensure you’re not the weakest
link.
While businesses are most vulnerable
to Windows 7 exploits, consumers can hardly breathe easy. Of all the infections
tracked in the 2020 Threat Report, the majority (62%) were on consumer devices.
This does, however, create an additional risk for businesses that allow workers
to connect personal devices to the corporate network. While employees work from
home in greater numbers due to COVID-19, this particular security risk will remain
even higher than pre-pandemic levels.
Layers are key
As Moffitt points out, no solution
is 100% safe, so layering
solutions helps to ensure your cyber resilience is strong. But there is one
precaution that is particularly helpful in closing security gaps. And that’s
security awareness training. “Ninety-five percent of all infections are the
result of user error,” Moffitt says. “That means users clicking on something
they shouldn’t thus infecting their computer or worse, a entire network.”
Consistent training – 11 or more courses or phishing simulations over a four-
to six-month period – can significantly reduce the rate at which users click on
phishing simulations.
Also, by running simulations, “you
get to find out how good your employees are at spotting scams,” Moffitt says.
“If you keep doing them, users will get better and they will increase their
efficacy as time goes on.”
The best way to close any gaps in
protection you may have is to deploy a multi-layered cyber
resilience strategy, also known as defense-in-depth. The first layer is
perimeter security that leverages cloud-based threat intelligence to identify advanced,
polymorphic attacks. But since cyber resilience is also about getting systems
restored after an attack, it’s also important to have backups that enable you
to roll back the clock on a malware infection.
With so many people working from
home amid the global coronavirus pandemic, it’s increasingly critical to ensure
cyber resilient home environments in addition to business systems. Find out
what major threats should be on your radar by reading our complete 2020 Threat Report.