As finserv companies lag in Win10 migration, are they exposed to attacks?

And finserv companies should be ahead of the curve on security, not behind it.


As is now well known, many of the prime targets of the devastating WannaCry and Petya attacks were organizations that had – for various reasons – fallen behind with their software updates, including Windows operating system upgrades and critical patching.

If there is any one lesson from WannaCry, it’s the importance of staying current with software updates. The ramifications of not doing so are increasingly severe. IT security is now not just a matter for IT departments – it’s a board-level issue. CEO jobs are at risk when a company suffers from a big breach or cyberattack. 

Therefore, you would think that financial services companies, with their heavy investments in IT security and front-end systems, would be scrupulous about basics such as software updates. Yet back-end computer systems for financial institutions tend to be legacy-oriented, meaning their software was likely originally installed 10 or more years ago – many are still running XP, which was the vulnerability point for many WannaCry victims.

But according to a survey of 1,000+ IT professionals, fewer than 6 percent of respondents in the financial services sector had completed their Win10 migration even though the new OS has been available for more than 2 years. This was lower than the average of 9 percent across all industries. So finserv companies are less prepared than their peers.

Meanwhile, more than one-third of finserv companies expect their migration to take 1.5+ years to complete, leaving them vulnerable to attacks for a long time to come. Companies starting their Win 10 migrations today would be exposed until mid-2019!

So not only are finserv companies way behind on their OS updates, with just one out of 16 migrated to Win 10, but lengthy Win 10 migrations within the finserv ecosystem will wreak havoc. During their migrations, companies are exposed to security risks, and will also face difficulties in keeping up with all the Win 10 updates Microsoft is continually releasing. Running multiple versions of the same operating system simultaneously during the migration period makes it very challenging to detect and remedy problems.

So, what should finserv companies be doing right now to catch up and patch up their Windows vulnerabilities?

Do a software audit to pinpoint software vulnerabilities

Before you update, you need to know what you’re dealing with. An audit can help determine which software version is running on every device on the network – so you know where to start.
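One way to make the audit step actionable, shown as an added example that is not part of the original article: it buckets a constructed inventory export by Windows version so that XP-era hosts, pre-Windows 10 hosts and the spread of Windows 10 builds running side by side during a migration are all visible. The CSV columns, hostnames and bucket names are assumptions made for illustration.

```python
import csv
import io

# Constructed sample inventory export (hostname, OS caption, OS version string).
# In practice this would come from whatever inventory tool the estate uses.
SAMPLE_INVENTORY = """hostname,caption,version
teller-001,Microsoft Windows XP Professional,5.1.2600
teller-002,Microsoft Windows 7 Enterprise,6.1.7601
branch-010,Microsoft Windows 10 Enterprise,10.0.14393
branch-011,Microsoft Windows 10 Enterprise,10.0.15063
hq-100,Microsoft Windows 10 Enterprise,10.0.15063
hq-101,Microsoft Windows 8.1 Pro,6.3.9600
kiosk-007,,
"""

def classify(version):
    """Map a Windows version string (major.minor.build) to an audit bucket."""
    try:
        major, _minor, build = (int(p) for p in version.split(".")[:3])
    except ValueError:
        return "unknown"          # empty or malformed: host needs a manual check
    if major < 6:
        return "legacy-xp-era"    # 5.x = Windows 2000 / XP / Server 2003
    if major < 10:
        return "pre-win10"        # 6.x = Vista through 8.1
    return f"win10-build-{build}"

def audit(csv_text):
    """Return (bucket -> [hostnames], sorted list of distinct Win10 builds)."""
    buckets = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        bucket = classify(row["version"] or "")
        buckets.setdefault(bucket, []).append(row["hostname"])
    win10_builds = sorted(
        int(name.rsplit("-", 1)[1]) for name in buckets if name.startswith("win10-build-")
    )
    return buckets, win10_builds

if __name__ == "__main__":
    buckets, builds = audit(SAMPLE_INVENTORY)
    for name in sorted(buckets):
        print(f"{name:22} {len(buckets[name]):3}  {', '.join(buckets[name])}")
    if len(builds) > 1:
        # Several builds in use at once is the mixed-version state the article warns about.
        print(f"Mixed Windows 10 builds during migration: {builds}")
```

Hosts that land in the `unknown` bucket returned no usable version and are the ones to check by hand first, since an audit gap hides exactly the machines most likely to be unpatched.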

Look for ways to automate the process of OS updates and patching

It’s possible to automate the rebuild of PCs with clean Windows installations, migration to Windows 10, patch management, BIOS-to-UEFI conversion for all enterprise hardware, and new computer provisioning, all without the need for IT engineer involvement. Think about how a manual migration works: each tech might handle one or two devices a day. So, a company with 100,000 devices could spend years on a manual migration. Automation can help cut that by half, or more.

Consider real-time endpoint automation

These tools provide real-time query and change capabilities across IT estates regardless of size, scaling to millions of endpoints, including IoT and mobile. They can help finserv companies plan OS or application deployments, troubleshoot issues and take immediate action to remediate a compromise such as WannaCry.

Get your Win 10 migration going

If you haven’t begun this process, you need to get the ball rolling. If you’ve followed the steps above and considered automation, you’ll already know how much time and money you can save by automating portions of the Win 10 migration process.

Finserv companies should be ahead of the curve on security, not behind it. You don’t want to be the next CIO or CEO caught on the hot seat having to answer questions about what went wrong. Proactively address Windows vulnerabilities across your organization so you know you’re doing everything you can to protect your data from the next WannaCry.

This article is published as part of the IDG Contributor Network.
