Windows 7 ESU Emergency: One year to go

By Mat Clothier
Mat Clothier, CEO and Founder of Cloudhouse, discusses the urgency of taking action with the final year of Windows 7 ESUs now coming into force

As the Windows 7 end-of-life date came into effect in January 2020, moving on to Extended Security Updates (ESUs) proved to be a business necessity for many to enable a basic level of protection against the worst emerging cyber threats without upgrading the operating system. It’s now the last stay of execution for businesses entering the final year of a Windows 7 ESU plan. From January 2023, the three-year cycle will come to a close, meaning critical security patches will no longer be provided to businesses.

Running the risk

The importance of putting a plan in place with one year to go is paramount when considering the emerging cyber risks facing organisations. Attack types such as ransomware, where hackers hold organisations and potentially their customers and partners to ransom over sensitive data, are growing exponentially, while the newly released Allianz Risk Barometer lists cyber incidents as the most important global business risk for 2022 (44%).

By January 2023, any organisation failing to take action will run the risk of exposure due to the continued use of a known vulnerable operating system that cyber attackers can exploit. The results of such an attack could be truly disastrous, ranging from significant financial implications to data breaches which could threaten the organisation’s existence. 

As the third year of Windows 7 ESUs comes into play, businesses in this position today have already had to spend significant amounts of money. The cumulative nature of how these patches are provided by Microsoft means that organisations have had to invest in each ESU since 14th January 2020, making it vital to use this remaining year to ensure the risks of continuing to use ESUs, and subsequently an unsupported system, are avoided.

Avoiding business interruption

One of the key reasons that businesses haven’t employed a long-term solution and are now entering the final year of ESUs is the balancing of business priorities. No organisation wants to expose their operations to ransomware or other emerging threats, but the fear of upgrading to a new operating system such as Windows 11 and the impact this could have on application compatibility is very real, leaving many organisations stuck in a trap.

An old version of a critical application can force companies to stay on an outdated operating system version which then leads to security issues. The key is to break that coupling, which unshackles businesses from Windows 7 and also eradicates the need for ESUs. Businesses also then avoid any downtime or interruption which could lead to lost revenue.

Breaking the cycle

To break the chain, state-of-the-art tools provided by an end-of-life migration specialist like Cloudhouse can allow critical applications to be transplanted from outdated platforms and effectively placed into the latest Microsoft operating systems. Unlike application virtualisation or layering solutions, the application can be abstracted from the underlying platform, and the runtime can be isolated and optimised for Windows 11, for example. Businesses then have access to a system which is regularly patched and updated while still ensuring effective use of the critical app. To enable best practice configuration moving forward, organisations are also able to use services that can identify what is non-compliant or out of date in their estate and achieve compliance.

Employing this approach not only secures the business against cyber risk, but eradicates the possibility of business disruption. A prominent example of where Windows 7 is likely to still be used today is in the context of desktop interfaces on terminals in a retail setting. This could involve up to 50,000 employees with little IT experience using a piece of software or an application on a daily basis, and it’s critical that it retains the same functionality and provides the same user experience that those workers are used to when updated to a new operating system. These tools allow businesses to do exactly that, meaning a reduction in costs that would have otherwise been incurred by extra training to use a new and completely different piece of software.

Back to basics

Businesses still running Windows 7 that choose to not take any action over the course of the next year will leave themselves critically vulnerable to major business disruption. For organisations in the public sector such as healthcare, periods spent offline due to a hacking event can prove to be a major hurdle in providing critical care services. For example, the hacking of the Newfoundland and Labrador health authority in Canada led to the use of inefficient paper-based backups for administration.

Patching of systems is security 101, and a basic requirement for businesses in the fight against cyber risks. Use of the right tools can enable organisations to be better prepared for the cyber threat with updated systems and compatible applications in place. We’ve undoubtedly entered a state of emergency with one year of Windows 7 ESUs left, but it isn’t too late for organisations to act.


