Dragging your feet on Windows 11 migration? Rising infostealer threats might change that
With six months to go until Windows 10 end of life, it's important to get started soon


With the clock ticking down to the Windows 10 end of life (EOL) deadline in October, organizations are dragging their feet on Windows 11 migration – and leaving their devices vulnerable as a result.
New data from threat exposure management platform NordStellar shows that nearly six in ten systems affected by infostealers in December last year were still running Windows 10.
"The number of systems affected by infostealers closely mirrors the overall operational system market share — Windows 10 has been heavily targeted for years due to its popularity," said Vakaris Noreika, a cybersecurity expert at NordStellar.
"However, it will have an even bigger target on its back in the wake of its end of life, which will eventually create new vulnerabilities."
"Once an operational system reaches this deadline, it no longer receives any security updates, vulnerability patches, or support from the software creator. These vulnerabilities are widely known and often exploited — infostealers can be coded to target these weaknesses more efficiently, resulting in more effective attacks against outdated systems."
Sticking with Windows 10 could have dire consequences
While the Windows 11 adoption rate has been rising steadily since last November, time is running out. Microsoft has made no secret of the changeover, and has repeatedly urged enterprises and consumers alike to make the shift to the newer operating system.
Failure to do so could have dire consequences, Noreika warned, with enterprises leaving themselves open to an array of threats.
"Migrating to a new operational system takes time — based on the current adoption rate, we estimate that approximately 30 to 40% of systems may still be running Windows 10 when it reaches end of life in October, creating a substantial attack surface for cyber criminals," said Noreika.
The situation may mirror that of Windows 7, which still had a 23% market share six months before its end of life - and 20% when the deadline hit. Even now, according to NordStellar, it holds a 2% market share and is still being targeted by infostealers.
Meanwhile, infostealers aren't the only risk for future Windows 10 users, with malware and new data exfiltration and exploitation techniques on the rise.
"Considering just how many enterprises might still be running Windows 10 after its end of life, there's a high possibility that we'll see a growth in various cybersecurity incidents if businesses continue to delay migration," said Noreika.
"Taking into account the financial and reputational losses that come with a data breach, delaying migration can be a decision that eventually costs the company millions of dollars and their client's trust, which will take years to regain."
Users seeking to continue with Windows 10 can fork out for extended security updates (ESU), which provide critical security updates for up to three years after the official EOL date.
But they don't come cheap, at $61 per device for the first year, doubling every year to $122 per device in year two and $244 in year three. Nor do they include ongoing technical support.
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.