Ransomware , Risk Management , Technology

As Ransomware Attacks Spike, Organizations Need to Catch Up

Use of Outdated Operating Systems Remains Widespread, Says ESET's Mark James
Mark James, security specialist, ESET

The latest operating systems provide better security than ever. But as the WannaCry outbreak demonstrated, many devices still run older, no longer supported operating systems, and many organizations and individuals became malware victims, in part, because of their reliance on those outdated systems.

See Also: How to Scale Your Vendor Risk Management Program

Whose fault is that? "When you've got something which seems to be doing its job, exactly as it needs to do, to have to just upgrade it, because the embedded operating system is old, or the integration into new systems is possibly ... outdated, it would seem to be a waste of funds," says security firm ESET's Mark James (see No-Brainer Ransomware Defenses).

Britain's National Health Service, for example, was hit hard by the WannaCry outbreak, and some infections were tied to an ancient operating system, in some cases running in equipment that could not be updated (see NHS Denies Widespread Windows XP Use).

But hospitals have difficult funding decisions to make, especially if a piece of equipment with an embedded - and potentially outdated - operating system could still function well, diagnostically speaking, for another decade or more.

Six percent of PCs used globally still ran Windows XP as of May 2017. (Source: NetMarketShare)

In a video interview at the recent Infosecurity Europe conference in London, James details these challenges, as well as:

  • The need - and push by Microsoft - to move Windows users to the latest version of the operation system;
  • The challenge of defending against opportunistic malware and phishing attacks;
  • The imperative to stop blaming users for security failures.

James is an IT security specialist for ESET UK. He has worked at the company since 1999. Prior to his current role, he was the technical team leader, managing the help desk team that offers technical support to customers. He has been working in the IT industry for 25 years and has held many roles, covering such domains as network management, infrastructure systems design and integration.


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the Executive Editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, amongst other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.co.uk, you agree to our use of cookies.