Windows 7 is becoming an increasingly less secure operating system to do business on, according to a recent threat report.
Webroot recently published its bi-annual Threat Report for the first half of 2019.
These statistics demonstrate an escalation in the tactics of cyber criminals. For example, malware that can evade signature-based antivirus security is now the norm, and phishing remains an increasingly lucrative tactic.
Windows 7 – Time to Upgrade?
We recently wrote that Windows 7 Professional is receiving extended support through an additional 3 years of security updates.
Despite this, Neuways highly recommends upgrading to Windows 10 in order to ensure you’re working on the most secure version of Windows. This is supported by Webroot’s latest Threat Report, which found that older operating systems are increasingly vulnerable to exploits.
Though Windows 7 has always been a much-loved and reliable platform, upgrading is becoming more and more essential.
Why Upgrade to Windows 10?
- Windows 10 is the most secure, functional, and productive version of Windows desktop.
- Full compatibility with Office 365 applications, platforms, and security mechanisms.
- Windows 10 allows for the broadest compatibility with leading 3rd party programs and applications.
- Windows 10 offers a best-in-class laptop and mobile experience.
The reason that 2017’s WannaCry cyber attack was so devastating was because of the large number of unpatched devices on older systems (many pre-Windows 7). But with the Windows 7 operating system seeing a massive 71% spike in malware in the first half of 2019, now is the time to make ensure that you’re working on the latest version of Windows 10.
Changing Nature of Malware
Antivirus security used to work primarily by identifying threats based on their ‘definition’, with the definition index updated regularly. This is known as signature-based detection and is based on the principle of identifying the threat and adding information about it to a knowledge database.
This means that if an incoming threat meets the criteria, or ‘definition’, then it will be flagged.
However, recent reports (including Webroot’s) have found that malware is becoming increasingly polymorphic. The means that, much like a medical virus, malware is evolving to outpace the antidote (antivirus security, to continue the medical comparison…).If the malware can outstrip the ‘definition’ then it’s free to implant itself into a victim’s device. Signature-based detection is therefore no longer good enough to keep up with the range of threats arrayed against businesses.
Polymorphic malware is now the norm, with 95% of malware detected identified as being unique to each individual PC. Ultimately, this means that businesses using standard antivirus security will be unable to detect 95% of malware!
This means you need a modern endpoint security solution that responds proactively to threats with behavioural analysis and machine learning.
Phishing in Plain Sight
Another observation in the report is that phishing remains a lucrative weapon of choice for cyber criminals.
Why is this?
Well, it’s simple to set up, easy to conduct, and at least 1 in 10 people fall for a phishing email.
The report found that a staggering 29% of phishing URLs are HTTPS certified. This means that almost one third of websites designed to steal your personal details (including banking and account credentials) possess a certificate denoting secure data encryption.
Looking for a HTTPS logo has often been a cyber security best practice. However, it does not guarantee the authenticity of a website. In fact, if you submit your details to a HTTPS-enabled phishing website, all it means is that your information has been sent securely to the criminal operating the website!
Remarkably, another finding in the report was that 1 in 4 of malicious URLs were found on trusted, legitimate websites.
This is because criminals know they can rely on the trust of users when visiting particular websites. With this in mind, criminals will sometimes hijack individual pages on trusted websites. This allows them to host malicious URLs that direct the victim to a less secure location on the web.
Any questions about endpoint security or an upgrade to Windows 10? Give us a call on 01283 753 333
or email firstname.lastname@example.org.