Monday 24 July 2017

Our PCs are hopelessly dated and left vulnerable

The latest figures from Dublin-based Statcounter show that at least 5pc of our internet-connected computers are putting their owners and colleagues at great risk. Stock picture
The latest figures from Dublin-based Statcounter show that at least 5pc of our internet-connected computers are putting their owners and colleagues at great risk. Stock picture
Adrian Weckler

Adrian Weckler

Leave aside the security risks of putting so much of our lives into databases and machines.

In Ireland, we face a particular problem - hundreds of thousands of our PCs are hopelessly out of date to fight off serious attacks.

The latest figures from Dublin-based Statcounter show that at least 5pc of our internet-connected computers are putting their owners and colleagues at great risk.

That's because Windows XP, Vista and Windows 8.0 don't come with security patches any more.

To put this into context, there are hundreds of patches issued by Microsoft every year aimed at deflecting or suppressing destructive viruses.

As it happens, Microsoft has issued a patch for Windows XP to fight off the WannaCry ransomware strain. But the company has made clear that it's a one-off. Furthermore, it's doubtful whether many of those who use an old Windows XP machine will go and seek out the patch (which is available at Microsoft.com).

Read More: Putin blames US for computer attack that wreaked global havoc

So it can only be a matter of time before many of these computers pick up some variant of preventable malware. What may surprise ordinary people is just how many Windows XP machines are still in use across industry and the public sector. Many banking ATM machines still use Windows XP. So do large numbers of industrial and medical devices, which is a contributing factor to why British NHS hospitals were in the frontline of the WannaCry ransomware virus.

"We have individual customers with tens of thousands of XP devices," said Dermot Williams, managing director of Threatscape, a large IT security company. "In certain industries and for certain applications it becomes inevitable. You're talking about ticketing machines, CCTVs, ATMs and public signage. The cost to update it all can run into millions."

This is exactly the problem facing the HSE. It still has 1,500 systems using Windows XP because the specialist equipment such systems drive are single-purpose machines that can cost millions. But it's a different story for some small businesses and home users, who simply have not updated their machines.

"I really worry about those small companies," said Hugh O'Callaghan of Ernst & Young. "They don't have a lot of resources for IT for patching, but a lot of them now have technology that is very vulnerable."

Irish companies have rarely been incentivised to take IT security seriously. This is starkly illustrated in the realm of data protection, with half of Irish companies suffering at least one data breach in the last 12 months, according to the Irish Computer Society. The majority of data breaches are due to employee negligence or errors. But in almost all cases, there is no disciplinary effect. Losing a laptop or releasing a virus into the company network by opening an infected email are traditionally regarded as things that 'can happen to anyone'.

There is traditionally little or no regulatory sanction for companies who are remiss in this respect, with penalties limited to advisory notices or tiny fines from the Office of the Data Protection Commissioner.

This is about to change, however. New powers given to the Data Protection Commissioner will allow her to issue fines of up to €20m, or 4pc of a company's turnover. In a recent interview with this newspaper, Commissioner Helen Dixon said she intended to use these powers.

It may be that such sanctions will force Irish companies to think very carefully about making their computers safe.

Irish Independent

Promoted articles

Also in Business