Survey Finds One In Three Businesses Still Run Windows XP

Security vulnerabilities affecting older versions of Windows and other software have been the cause of massive data breaches and enabled the spread of devastating malware and ransomware attacks including WannaCry and NotPetya. Yet, a shocking number of businesses are still running outdated operating systems. A new study released by Spiceworks, a networking company for the information technology industry, found that one in three companies surveyed are still running at least one Windows XP machine within their network.

In a survey of 489 IT decision makers at firms ranging in size from under 100 employees to as large as more than 1,000 employees, Spiceworks found that a whopping 32 percent of companies still have Windows XP systems that they rely upon. Save for the most important security updates—including a patch to stop the spread of the WannaCry ransomware attack in 2017 and an emergency update offered in the wake of the discovery of the BlueKeep vulnerability earlier this year—Windows XP is no longer supported by Windows. The operating system hasn't received a standard security update since April 2014. For businesses that still have the operating system holding a prominent position within its IT infrastructure, this poses significant security challenges and exposes the network to security breaches.

As if the prominence of Windows XP wasn't enough of a concern, the presence of Windows 7 is also widespread across the businesses surveyed. Nearly four in five companies, 79 percent, reported using Windows 7 machines. While the operating system is still supported by Microsoft for the time being, its end of service date is coming fast. Microsoft plans to end support for the operating system on January 14, 2020. After that point, computers running Windows 7 will no longer receive necessary security updates to address major vulnerabilities. Unless companies move quickly to adopt Windows 10 (luckily, 78 percent of companies reported having at least one Windows 10 machine within their network), they will be left vulnerable to attacks — and only 25 percent of those surveyed said they planned it migrate from Windows 7 prior to the end of service date.

What makes the threat of these outdated systems even more pressing is the fact that more than half of companies surveyed said they don't have a cybersecurity expert on staff. It appears to be in large part because companies are planning to move away from relying on internal staff to take care of IT security. Spiceworks found that adoption of AI-powered threat intelligence platforms that automatically scan networks for signs of attack could triple from 18 percent currently to 48 percent by 2021. Likewise, the adoption of intrusion detection and prevention "as a service" could triple from 12 percent today to 35 percent by 2021.

“There are massive opportunities for security vendors to help organizations better protect their devices, data, and networks as they turn to intelligent security technologies and security as a service solutions to guard against new threats and compensate for a cybersecurity skills gap,” Peter Tsai, a senior technology analyst at Spiceworks, said. “Looking forward, security vendors that can offer solutions and services with the right mix of value for money, protection against emerging threats, and innovative capabilities will be well positioned to capitalize on this trend.”