Kaspersky conducted a study based on anonymised OS metadata provided by consenting Kaspersky Security Network users. The survey has found that 20% of PC users in Kenya are still using the end-of-life OS Windows 7, which stopped receiving mainstream support in January 2020. When an OS comes to the end of its lifecycle, no more updates will be issued by the vendor, including critical security fixes.
Although a trusted operating system may seem fine on the surface because it does everything you need it to do, if the vendor no longer supports it, it could be susceptible to attacks. When operating systems reach end-of-life, vulnerabilities will remain without update patches to resolve issues, providing cyber attackers with potential ways to gain access to a system. Therefore, it is critical to update the OS to protect the system or business network from this avoidable issue.
Among those still using Windows 7, consumers, small and medium businesses (SMBs), and very small businesses (VSBs) occupy almost the same share – 20%, 11% and 20% respectively. It’s noteworthy, that 20% of VSBs still use the outdated OS and, particularly considering that they do not have dedicated IT staff responsible solely for cybersecurity – it makes it more important to ensure their OS is up-to-date. For now, businesses can still receive extended paid support for Windows 7, but this means extra expense – and this offering will not be available forever (according to MS Extended Security Updates FAQ, the last term of ESU will end in 2023).
Kaspersky’s findings also showed that only a small percentage (less than 1%) of people and businesses still use older operating systems, such as Windows XP and Vista, support for which ended in 2014 and 2017, respectively. Overall, almost one quarter (22%) of users in Kenya are still running a Windows OS without mainstream support (among such OS are: Windows 7, Windows 8, Windows XP, Windows Vista).
Fortunately, 73% of users are using Windows 10, the latest version of Windows OS, which appears to be the safest choice as well.
“Updating your operating system might seem like a nuisance for many. But OS updates are not just there just to fix errors, or to enable the newest interface. The procedure introduces fixes for those bugs that can open a gaping door for cybercriminals to enter. Even if you think you are vigilant and protected while online, updating your OS is an essential element of security that should not be overlooked, regardless of any third-party security solution’s presence. If OS is obsolete, it can no longer receive these critical updates. If your house is old and crumbling, there is no point to install a new door. It makes more sense to find a new home, sooner rather than later. The same attitude is needed when it comes to ensuring the security of the operating system you trust with your valuable data every day”, comments Oleg Gorobets, Senior Product Marketing Manager at Kaspersky.
Knowing the risks of an end-of-life operating system is a good start but acting on that knowledge is a smart way to finish. So, to protect yourself, or your business, Kaspersky recommends the following:
- Use an up-to-date version of the OS and make sure the auto-update feature is enabled.
- If upgrading to the latest OS version is not possible, organisations should consider this attack vector in their threat model and ensure smart separation of vulnerable nodes from the rest of the network. Kaspersky Embedded Systems Security can provide support in this case, as it allows operating an OS as old as Windows XP SP2 that runs on systems with very low specifications.
- Use solutions with exploit prevention technologies, such as Kaspersky Security Cloud, Kaspersky Endpoint Security for Business, and Kaspersky Small Office Security, which help to reduce the risk of exploitation of unpatched vulnerabilities that can be found in and obsolete OS (Windows 7 and earlier).