This week’s big security story is the so-called Petya ransomware attack. It is not the first such attack, it won’t be the last, and its success will prompt cyber criminals to attack again, and again, and again. In this new threat environment, there are zero excuses for any enterprise, public or private, to be running Windows XP, or any other insecure platform.
Even the cops run Windows XP
Chronic underfunding and a conservative government ideologically committed to cuts mean key U.K. public services remain under threat of cyber attack. In recent weeks, the National Health Service saw its computing systems fail because they relied too much on unprotected Windows systems. This morning we learned that the U.K.’s Metropolitan Police force still uses over 18,000 computers running Windows XP. The key police force of the U.K.’s biggest city is, therefore, currently vulnerable to cyber attack.
How can this be a good thing?
Coming from a government with a record of failure culminating most recently in the dreadful and potentially preventable Grenfell Tower tragedy, final death toll of which remains unknown, this vulnerability is incompetent at best.
Of course, this reliance on dated kit isn’t unique to the U.K. government. A glance at the chaos unleashed across the IT systems of multiple big enterprises by Petya shows you this. The biggest problem seems to be the continued used of older (frequently unsupported) Windows systems by cash-strapped firms struggling to make money in a tough and uncertain economic climate. Yet how much cash do they lose in the event of a successful ransomware attack?
Time to upgrade
We know the PC market has been soft, slow or slumping (pick your euphemism) in recent years. A move to mobile devices—tablets, smartphones and their far more secure iPad and iPhone alternative—has eaten away at the edge of PC industry profits.
This trend means many firms have opted to squeeze as much use out of their existing IT investments while they wait for mobile devices to truly turn PCs into “trucks.” This hasn’t quite happened yet, but that future remains close and the recent iOS 11 improvements for Apple’s iPad Pro mean many now see that tablet as a strong choice for enterprise IT.
Security, a commitment to regular software updates, privacy and Apple’s long string of enterprise-focused alliances also come into the frame here.
Your life for ransom
These days, software is everything.
When mission-critical enterprise applications go offline, this isn’t just an excuse to grab a cup of coffee—these systems drive entire industries, and their collapse means companies lose time, money and reputation. (In a connected age, reputation is everything.)
This goes beyond internal systems, of course—Internet of Things devices (particularly in the first generation) are notoriously poorly protected, giving increasingly sophisticated cyber criminals ample opportunity to penetrate deep into the heart of corporate IT using these poorly protected endpoints. This may even put key infrastructure at risk.
What’s the alternative?
We already know the alternative. It’s the same alternative Apple CEO Tim Cook appeared on stage at Cisco Live to promote, and it’s an little upstart company in California called Apple.
Apple and Cisco are working together to create a best-in-industry security proposition for enterprise users. And yes, you read that right: They are working together to ensure that if a business customer takes cybersecurity insurance and uses Apple/Cisco kit, they will get a better deal than they would if their IT is built around other systems.
“We believe with every release we need to make security better and better,” said Cook. “Hackers aren’t hackers any more. It’s a sophisticated enterprise.”
Apple and Cisco both understand that in a world of highly complex cyber threats, those with the skills to create attacks have become highly paid professionals.
That means those choosing to create attacks will get more for their money if they target less well-protected systems, like the old Windows installations that we now know for certain remain in critical positions across public and private infrastructure. Or, indeed, those poorly protected mobile devices that aren’t made by Apple.
Upgrade time
Enterprises everywhere need to take a close look at what’s happening.
It must surely be clear to them at this point that these attacks are not going to reduce in frequency.
It is also critical they understand that their IT systems must be fit for use in the always-on, always-connected digital future. Security isn’t a "nice to have," it has become a "must have." Entire economies may be at risk if good security practice is not in play.
Whatever the budget seems to be, CIOs must—immediately—secure additional funding with which to replace their old and creaky unsupported Windows kit.
They can choose to deploy mobile devices where those devices can make sense. (On the grounds of security alone, I recommend Apple and help from systems integrators such as JAMF, Dimension Data, IBM and Deloitte. That list will inevitably grow.)
They may also choose to deploy Macs. Why wouldn’t they, given they share the same basic OS as the mobile devices most enterprises now choose to deploy and cost much less to run?
I’m in little doubt that Apple is the right solution at the right time to create a much brighter future for enterprise IT—your life does not need to be at ransom.
Do you agree? If not, why not? What does Apple need to do to extend its offer to the future of enterprise technology?
Google+? If you use social media and happen to be a Google+ user, why not join AppleHolic's Kool Aid Corner community and join the conversation as we pursue the spirit of the New Model Apple?
Got a story? Drop me a line via Twitter and let me know. I'd like it if you chose to follow me on Twitter so I can let you know when fresh items are published here first on Computerworld.