The Caribbean Cyber Security Centre urges all Caribbean businesses, governments, and home users running the Microsoft Windows XP operating system (OS) to aggressively plan to upgrade from Windows XP, which is no longer being supported by Microsoft as of April 8.
It means that Microsoft will not be providing any XP security updates and hackers and cybercriminals will be able to compromise systems running Windows XP with growing ease, and if you have problems related to Windows XP Microsoft will not be providing any free support as you will now have to pay Microsoft for extended support.
XP has been one of the most vulnerable operating systems for some time now, with known Windows XP-enabled system breaches and compromises worldwide. Cybercriminals and hackers know the weaknesses in Windows XP and are expected to target Caribbean businesses and home computers running XP, as an easy operating system to hack and steal a wide range of business and personal data (bank account information, pins, passwords etcetera).
Cybercriminals know all the security holes and vulnerabilities with Windows XP, and how to breach them within minutes to gain access to your business or home computer. As part of the cybercrime process a country the size of Barbados can be easily scanned within a matter of hours for those running Windows XP who are connected to the Internet, therefore it is not hard for cybercriminals and hackers to find your Windows XP system if it is connected to the Internet.
Understanding that the Caribbean is in unprecedented economic times with smaller and smaller budgets on all fronts, it, however, remains critical that business/government leaders and the average home user, understand that being “penny wise” and not upgrading from Windows XP is also being “pound foolish” as the cost of a system breach or data theft can be 100 times more than simply upgrading your system.
Critical infrastructure is the backbone of our regional economies, security and health. We know it as the power we use in our homes, the water we drink, the communication systems we rely on to stay in touch with business partners, friends and family. Additionally, it includes the supporting IT assets, systems, and networks, so vital to our region that their incapacitation would have a debilitating effect on security, even national economic security.
It is estimated that many critical infrastructure systems in the Caribbean may still have critical functions and applications running on Windows XP. Therefore, it is critical that regional governments migrate these systems from Windows XP as soon as possible.
If having available funds to upgrade from Windows XP to Windows 7 or 8 is a challenge at the very minimum as a short term measure you should update your Windows XP system or systems to the latest service pack (which is service pack 3), and ensure that all previously released system and security updates are applies. However at the first opportunity you should upgrade to Windows 7 or 8.
Security experts agree that Windows XP users should take extra special caution when storing their most sensitive information on their PCs – such as banking and credit card data. At the very most, do not store sensitive information in documents or plain text files.
This type of information should always be encrypted in order to help mitigate risk.
For those with the financial resources extended support for Windows XP is available but estimated to cost approximately US$200 per system for the first year. Although this may seem expensive, it pales in comparison to the likely costs of recovery or harm to brand reputation after an XP-enabled security incident occurs.
Additionally as with all computers always make sure you are running a legitimate anti-virus, malware, and spyware programme that is routinely updated.
In some cases, the potential business or government reputational damage that can occur as the result of a Windows XP-enabled breach can be significant, costly, and extremely hard to recover from.
The last thing we in the region need right now is for investors to question our decision-making abilities asking the question, “why did they not upgrade from Windows XP to prevent that network breach and data theft?”.
Simply saying you were “keeping IT cost down” or “it was not in the budget”, which unfortunately is a common post security incident response from many IT managers, will not be a smart answer regardless of how you look at it.
