Reading Time: ~ 2 min.

Our 2020 Threat Report shows increasing risks for businesses and consumers still running Windows 7, which ceased updates, support and patches earlier this year. This creates security gaps that hackers are all too eager to exploit. In fact, according to the report, malware targeting Windows 7 increased by 125%. And 10% of consumers and 25% of business PCs are still using it.

Webroot Security Analyst Tyler Moffitt points out that a violation due to a data breach could cost a business $50 per customer per record. “For one Excel spreadsheet with 100 lines of records, that would be $50,000.” Compare that with the cost of a new workstation that comes pre-installed with Windows 10 at around $500, and you quickly realize the cost savings that comes with offloading your historic OS. 

Windows 10 also has the added advantage of running automatic updates, which reduces the likelihood of neglecting software patches and security updates. Continuing to run Windows 7 effectively more than doubles the risk of getting malware because hackers scan for old environments to find vulnerable targets. Making matters worse, malware will often move laterally like a worm until it finds a Windows 7 machine to easily infect. And in a time when scams are on the rise, this simple OS switch will ensure you’re not the weakest link.

While businesses are most vulnerable to Windows 7 exploits, consumers can hardly breathe easy. Of all the infections tracked in the 2020 Threat Report, the majority (62%) were on consumer devices. This does, however, create an additional risk for businesses that allow workers to connect personal devices to the corporate network. While employees work from home in greater numbers due to COVID-19, this particular security risk will remain even higher than pre-pandemic levels.

Layers are key

As Moffitt points out, no solution is 100% safe, so layering solutions helps to ensure your cyber resilience is strong. But there is one precaution that is particularly helpful in closing security gaps. And that’s security awareness training. “Ninety-five percent of all infections are the result of user error,” Moffitt says. “That means users clicking on something they shouldn’t thus infecting their computer or worse, a entire network.” Consistent training – 11 or more courses or phishing simulations over a four- to six-month period – can significantly reduce the rate at which users click on phishing simulations.

Also, by running simulations, “you get to find out how good your employees are at spotting scams,” Moffitt says. “If you keep doing them, users will get better and they will increase their efficacy as time goes on.”

Fight cyber-risks with cyber resilience

The best way to close any gaps in protection you may have is to deploy a multi-layered cyber resilience strategy, also known as defense-in-depth. The first layer is perimeter security that leverages cloud-based threat intelligence to identify advanced, polymorphic attacks. But since cyber resilience is also about getting systems restored after an attack, it’s also important to have backups that enable you to roll back the clock on a malware infection.

With so many people working from home amid the global coronavirus pandemic, it’s increasingly critical to ensure cyber resilient home environments in addition to business systems. Find out what major threats should be on your radar by reading our complete 2020 Threat Report.

Tyler Moffitt

About the Author

Tyler Moffitt

Security Analyst

Tyler Moffitt is a Security Analyst who stays deeply immersed within the world of malware and antimalware. He is focused on improving the customer experience through his work directly with malware samples, creating antimalware intelligence, writing blogs, and testing in-house tools.

Share This