Dragging your feet on Windows 11 migration? Rising infostealer threats might change that
With six months to go until Windows 10 end of life, it's important to get started soon


With the clock ticking down to the Windows 10 end of life (EOL) deadline in October, organizations are dragging their feet on Windows 11 migration – and leaving their devices vulnerable as a result.
New data from threat exposure management platform NordStellar shows that nearly six-in-ten systems affected by infostealers in December last year are still running Windows 10.
"The number of systems affected by infostealers closely mirrors the overall operational system market share — Windows 10 has been heavily targeted for years due to its popularity," said Vakaris Noreika, a cybersecurity expert at NordStellar.
"However, it will have an even bigger target on its back in the wake of its end of life, which will eventually create new vulnerabilities."
"Once an operational system reaches this deadline, it no longer receives any security updates, vulnerability patches, or support from the software creator. These vulnerabilities are widely known and often exploited — infostealers can be coded to target these weaknesses more efficiently, resulting in more effective attacks against outdated systems."
Sticking with Windows 10 could have dire consequences
While the Windows 11 adoption rate has been rising steadily since last November, time is running out. Microsoft has made no secret of the changeover, and has repeatedly urged enterprises and consumers alike to make the shift to the newer operating system.
Failure to do so could have dire consequences, Noreika warned, with enterprises leaving themselves open to an array of threats.
"Migrating to a new operational system takes time — based on the current adoption rate, we estimate that approximately 30 to 40% of systems may still be running Windows 10 when it reaches end of life in October, creating a substantial attack surface for cyber criminals," said Noreika.
The situation may mirror that of Windows 7, which still had a 23% market share six months before its end of life - and 20% when the deadline hit. Even now, according to NordStellar, it holds a 2% market share and is still being targeted by infostealers.
Meanwhile, infostealers aren't the only risk for future Windows 10 users, with malware and new data exfiltration and exploitation techniques on the rise.
"Considering just how many enterprises might still be running Windows 10 after its end of life, there's a high possibility that we'll see a growth in various cybersecurity incidents if businesses continue to delay migration," said Noreika.
"Taking into account the financial and reputational losses that come with a data breach, delaying migration can be a decision that eventually costs the company millions of dollars and their client's trust, which will take years to regain."
Users seeking to continue with Windows 10 can fork out for extended security updates (ESU), which provide critical security updates for up to three years after the official EOL date.
But they don't come cheap, at $61 per device for the first year, doubling every year to $122 per device in year two and $244 in year three. Nor do they include ongoing technical support.
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.