Why hasn’t XP been killed yet?

It took a recent global attack to realize many companies are still running outdated, vulnerable software. We’re looking at you, XP users, who still make up some 6% of the market share for desktop operating systems. Many researchers assumed WannaCry was the wakeup call businesses needed to upgrade their operating systems, but the market share has only gone down 1% since May.

Microsoft ended mainstream support for XP in 2014. It only recently pushed emergency updates this year in an attempt to avert the WannaCry disaster, and then once more as a response to it. Still, we have headlines showing up about how the US Navy still purchases XP support (presumably because they need it for systems that still have XP) and how several of the contractors who worked on the HMS Queen Elizabeth for the UK were still running XP.

There are several examples to point at when it comes to the security risk contractors pose for your company –  an HVAC contractor once cost Target $18.5 million in a credit card breach and a third-party production company once caused the leak of the latest season for Orange is the New Black – so contractors using XP may come to no surprise for many.

Maybe companies are still using XP because they have business-critical software that doesn’t have a Windows 7 or Windows 10 equivalent. There might be a myth surrounding hardware moves that it’ll cost more to upgrade than to keep things as they are. After all, if it isn’t broke, why fix it?

Because it is broke. And it’s broken enough that several hospitals and airports went down after WannaCry which hurt the bottom line for many businesses.

But what hurts the most is that news media outlets were forecasting that the UK’s healthcare system might be in serious trouble soon enough, with 90% of their hospitals using Microsoft’s XP in December 2016, several months before WannaCry crippled the hospitals’ infrastructure.

The question we have to ask is – which is worse? Going through a hand-held upgrade process where the hurt is more akin to growing pains, or a surprise and complete shutdown of mission-critical systems as the company’s name is splashed across headlines worldwide?

OK, so it’s a bit of a weighted question, but really. Systems should be upgraded to Windows 7 by now, if not Windows 10, especially if the response IT receives about upgrades is that the systems are too valuable to lose or compromise on.