Outdated software puts companies at risk for identity theft

Apr 01, 2014 Dave King

An operating system that isn't receiving security updates is a danger to the company that uses it. The holes left by this sort of outdated software could allow hackers in and lead to a data breach. This is especially important for businesses to keep in mind now, as Microsoft has announced on its website that as of April 8, support and updates will no longer be offered for the Windows XP operating system.

This presents a large problem for many, and statistics on Windows XP usage show how widespread it could be. According to the PCI Security Standards Council, 1 in 3 computers in 2014 still use the OS. It also powers 95 percent of ATMs worldwide.

PCI also mentioned that of the 20 million new pieces of malware discovered by McAfee between June and September 2013, the majority were used to target businesses. This is due to the valuable information those companies have about clients, which the hackers can use for mass identity theft.

Businesses still running on Windows XP may find themselves compromised come April 8 if action isn't taken soon. Identity theft can ruin clients' consumer credit scores, as well as a business's reputation.

Consequences of a data breach
The consequences of a data breach can be both financial and legal in nature. According to the 2013 Cost of Data Breach Study: Global Analysis by the Ponemon Institute, the average cost to a U.S. organization for a data breach is over $5.4 million. Companies in industries like finance, communications and healthcare are more likely to experience higher than average costs for a breach.

Data breaches also expose firms to litigation. The National Conference of State Legislatures notes that 46 out of the 50 states in the U.S. have laws regarding notifying clients about a security breach. Failure to comply leaves a company open to heavy fines, and even when the laws are complied with, individual clients may choose to pursue civil lawsuits.

Breaches and scams
The chance of a company being taken advantage of due to outdated hardware isn't limited to malware infection. Eve Blakemore wrote on the Microsoft Developer Network blog that there have been phone scams attempting to access computers or obtain data. If a company were to be targeted by this type of fraud, the business could experience a major security violation.

Attachmate released an infographic stating that hackers are predicted to start attacking computers that use Windows XP within 10 minutes of security support being removed.

Protecting your clients' data
There are steps businesses can take to protect sensitive client information from a security infraction. The Federal Financial Institutions Examination Council released a statement regarding the end of Windows XP support. Suggestions for companies included plans to manage and minimize risk, as well as procedures to deal with the consequences if a data breach does occur. Vigilance in ID verification is also a suitable strategy.

Attachmate also revealed that for systems like ATMs that use the OS, it could cost anywhere from $200 billion to $700 billion to update all the machines in the U.S. to a newer OS like Windows 8. For businesses that provide utility services, it could potentially cost $100 million and take several years for a single company.

Despite the cost being significant for some firms, Microsoft still suggests that the best solution is to upgrade systems running Windows XP to a more modern OS that does receive security updates. No matter what strategy a business takes, steps should be taken to avoid data breaches that could result in its clients experiencing identity theft.