printer friendly version

30% of local consumers still use unsupported operating systems

Many consumers and businesses still rely on unsupported or near end-of-life operating systems (OS), according to Kaspersky research. While newer versions of such OS are available, around 30% of South African consumers still use either an unsupported or approaching end-of-support desktop OS like Windows XP or Windows 7. At the same time, 23% of very small businesses (VSBs) and 35% of small, medium-sized businesses (SMBs) and enterprises in South Africa still rely on these systems. This situation creates a security risk.

In most cases, the end-of-lifecycle of an OS means that no further updates will be issued by the vendor, and this includes updates related to cybersecurity. Yet security researchers or cyber attackers may find previously unknown vulnerabilities within these systems. Subsequently, these vulnerabilities may be used in cyberattacks and users will be left exposed as they will not receive a patch to resolve the issue. To try and gauge how many of these at-risk systems exist in order to estimate the scale of the risk, Kaspersky researchers analysed the anonymised data of OS use provided by Kaspersky Security Network users (with their consent). The results show that four out of ten consumers still use obsolete systems, including extremely old ones like Windows XP and Vista.

Looking at the specific versions of outdated OS used, 1% of consumers and 1% of workstations used by VSBs rely on Windows XP – an OS which hasn’t been supported for over 10 years. Remarkably, some consumers (1,4%) and businesses (0,5% of VSBs and 0,9% of SMBs and enterprises locally) missed the free update to Windows 8.1 and continue to use Windows 8, which has not been supported by Microsoft since January 2016.

Windows 7 is still a popular choice for consumers and businesses, despite extended support coming to an end in January 2020. 27% of consumers and 22% of VSBs in South Africa, along with 34% of SMBs and enterprises, still run this OS.

“Statistics show that a significant share of users, both businesses and individuals, still use workstations running an outdated or approaching end-of-lifecycle OS. The widespread use of Windows 7 is concerning, as there is less than six months to go until this version becomes unsupported. The reasons behind this lag vary depending on the software in place, which may be unable to run on the newest OS versions, to economic reasons and even just down to habit.

Nonetheless, an old unpatched OS is a cybersecurity risk – the cost of an incident may be substantially higher than the cost of upgrading. “This is why we recommend that customers migrate to supported versions and ensure that additional security tools are in place during the transition period,” says Alexey Pankratov, enterprise solutions manager, Kaspersky.

To be protected against emerging threats, Kaspersky recommends that businesses and consumers do the following:

• Use an up-to-date version of the OS with the auto-update feature enabled.

• If upgrading to the latest OS version is not possible, organisations are advised to take into account this attack vector in their threat model and to address it through smart separation of vulnerable nodes from the rest of the network, in addition to other measures. Consider Kaspersky Embedded Systems Security (if using Windows XP).

• Use solutions with behaviour-based exploit prevention technologies, which help to reduce the risk of exploits targeting obsolete OS (Windows 7 and later).

Share this article:

Further reading: