Over half a billion PCs will be rendered insecure this week after Microsoft’s Windows 10 operating system reaches its official end of life – creating a cornucopia for criminals as new research finds nearly half of Australian end users find device and data security too “frustrating” to bother with.
The official end of life (EOL) for Windows 10 comes just over a decade since the release of the now ubiquitous operating system – which Microsoft has said is now installed on 1.4 billion Windows and consumer devices worldwide – and four years after the release of its successor, Windows 11.
Reaching end-of-life means that as of 14 October, Microsoft will stop the regular updates it has pushed to PCs throughout the life of the operating system – although users will be able to buy up to three years’ extra security updates under the Windows 10 Extended Security Updates program.
It all comes down to security
Security is one of numerous drawcards for Windows 11 – which the company calls “a new era for security” with features including AI-powered security protections, biometric logons, a privacy dashboard, and extra hardware security in PCs using the Microsoft Pluton security processor.
If you’re still running Windows 10 and have no reason not to upgrade, consider doing so – not least because upgrading and patching is a core recommendation of the ASD Essential Eight security measures – but do ensure critical applications have been updated to support Windows 11.
The change is “one of the most significant end-of-life (EoL) announcements since Windows XP,” BeyondTrust chief security advisor Morey J Haber said, noting that Windows 11’s reliance on new security hardware means older computers “will lack the hardware requirements” to upgrade.
“Those systems will become obsolete,” he added, “and many will end up in landfill… Operating systems updates and security patches will cease to be generally available for these non-compliant systems, which, consequently, will become increasingly vulnerable over time.”
Users, businesses still aren’t getting the message
Even as Microsoft exhorts users to upgrade, surveys suggest hundreds of millions are yet to do so – with remote access firm TeamViewer noting that a recent audit of 250 million technical support sessions found 38 per cent of Australian PCs are still running Windows 10.
Security firm Kaspersky reported in September that 53 per cent of its home users, and 59.5 per cent of corporate users, were still running Windows 10 – with fully 8.5 per cent of users still running Windows 7, which reached EOL in January 2020 and is considered irredeemably insecure.
While each business and individual has their own reasons for deferring their Windows 11 upgrade, the fact that only a third of users have done so hints at a bigger problem around security behaviours: despite having more security options than ever, users simply aren’t taking them.
Indeed, while 82 per cent of the 7,000 respondents to Cybsafe’s latest Cybersecurity Attitudes and Behaviours Report consider online safety a priority, fully 43 per cent called it “intimidating” – with 48 per cent of 1,000 polled Australians, more than the 42 per cent average, calling it “frustrating”.
That hardly engenders confidence in end user security – especially since most respondents likely work in companies that rely on them to protect corporate data, and to avoid succumbing to malware, phishing and social engineering attacks that can be catastrophic for customer privacy.
“People knowing what to do doesn’t mean that they are doing it,” Cybsafe behavioural scientist Dr Suzie Dobrontei told a recent Security Awareness Special Interest Group (SASIG) webinar, in which she discussed the findings to coincide with October’s Cybersecurity Awareness Month.
Citing the COM-B Model for Behaviour Change – which attributes people’s behaviours to physical, psychological, reflective, and physical and social factors – Dobrontei said the figures suggest people are taking less, not more, responsibility for security over time.