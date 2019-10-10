One in four Irish companies are scheduled to have IT security support withdrawn by Microsoft in the coming months, unless they buy new PCs or pay new extra fees. The technology giant will stop protecting Windows 7 from viruses and malware from January 14, except for those who pay a new premium for extended security support.

One in four Irish companies are scheduled to have IT security support withdrawn by Microsoft in the coming months, unless they buy new PCs or pay new extra fees. The technology giant will stop protecting Windows 7 from viruses and malware from January 14, except for those who pay a new premium for extended security support.

Two years ago, Ireland faced a ransomware epidemic partially due to out-of-date Windows software on PCs.

The malware, including Wannacry, shut down HSE services and caused a number of small businesses to pay criminals hundreds or thousands of euro in cash to unlock their PCs.

In three months' time, hundreds of thousands of Irish PCs face potentially similar vulnerabilities when their operating systems lose security support.

"It will lead to attacks, whether ransomware or other types of exploits, on computers because they will be vulnerable," said Conor Flynn, managing director of ISAS and one of the country's most senior IT security specialists.

"Cyber criminals are very much lining up to take advantage of this. It will create a sense of confusion in the market as to who's covered and who's not.

"It's a significant opportunity for criminals and there's no question that we'll see an impact from this."

Even though the deadline is just weeks away, Microsoft has not yet disclosed how much extended support will cost for small businesses.

Shirley Finnerty of Microsoft Ireland

"We don't have an answer on that yet," said Shirley Finnerty, the business group lead for Windows and devices at Microsoft Ireland.

Industry sources say that the new cost for Windows 7 security support could be €50 to €100 per PC per year, for a maximum of three years.

"If an organisation waits and purchases extended security updates for the first time in year two or year three, they will have to pay for preceding years as well, since all security updates are cumulative starting January 2020," said Microsoft's official guidance documents. "After support has ended in January 2020, organisations will no longer receive regular bug fixes and patches, and the help desk will not be able to provide support."

However, the company's corporate vice-president for Microsoft 365, Jared Spataro, also said that the prices will rise.

"The Windows 7 extended security updates will be sold on a per-device basis, with the price increasing each year," Mr Spataro said.

Pricing is expected to be revealed in December. Although Microsoft is yet to publicly discuss this, reports earlier in the year suggested that the company was briefing enterprise customers on the likely costs.

For Windows 7 Pro, the cost was reportedly almost €50 per device for the first 12 months, double that for the next 12 months, and then double again (almost €200) for the remaining 12 months.

So an organisation with 1,000 PCs stuck using Windows 7 Pro could face an upfront security fee of €50,000 in 2020, rising to €200,000 in 2022 if they do not sort out upgrades in time.

Comparisons are being drawn to the chaotic end-of-support problems that occurred when Windows XP was cut off from security support five years ago.

Millions of company PCs worldwide were still using the operating system, and a wave of viruses and malware caused havoc among private enterprises and State organisations.

Public sector organisations, including hospitals and schools, got hammered by malware and had to pay emergency fees for remedial action.

The HSE had 1,500 systems using Windows XP when the notorious Wannacry malware epidemic struck.

A similar problem was faced by companies running devices such as ticketing machines, CCTVs, ATMs and public signage. For big organisations, the cost to update all of this was calculated in the millions, rather than the thousands.

The problem became so bad that Microsoft agreed to waive its end-of-support rule and provided patches for machines for XP.

However, local executives say that there is no guarantee such an event will be repeated, even when attacks occur.

"That's something we'd consider as and when it arises, but not something we could comment on right now," said Ms Finnerty.

In Ireland, just over two thirds (68pc) of Windows PCs use Windows 10, while 24pc use Windows 7, according to figures from Statcounter.

The statistics also show that the remaining 8pc use Windows 8, Windows XP or Windows Vista, all of which are similarly unsupported.

Migration to Windows 10, which was launched four years ago, has been slow, with only a 4pc switch from Windows 7 to Windows 10 over the past 12 months.

"It represents a failure of planning by IT departments and executives over the last couple of years," said Mr Flynn of ISAS. "Microsoft had long announced that this was coming. It's not a bolt out of the blue."

Mr Flynn also said that Microsoft's security support lifeline had not helped urgency in switching.

"Microsoft's extended support means that some IT departments have taken their foot off the gas on the issue, which is disappointing," he said.

"It's allowed people to be sloppy and lazy. The danger is going to be that some will afford it and get their patches, but there will be a sense of complacency among other people who hear that there's support and think that they're protected, when in fact they're not.

"The communication hasn't been clear that you will only get these if you get into a contract with Microsoft."

One of the features of Windows 10 is that it no longer requires wholesale replacement for Microsoft's next upgrade.

The business is trying to encourage companies that have held off upgrading into adopting the current system.

However, Microsoft said that the cost of Windows 10 is €260 for a small business, or €145 for a home version.

"The best way to experience Windows 10 is on a new PC," the company said. "While it is possible to install Windows 10 on your older device, it is not recommended."

Mr Flynn said that some companies put off their upgrades because they were late replacing Windows XP.

"There are quite a significant amount of businesses here still using Windows 7," he said. "In many cases, a lot of effort and pain went into upgrading XP to Windows. They left that upgrade for so long that it seems quite recent to them."

However, experts warn that companies which have not yet started to switch away from Windows 7 will be stuck paying Microsoft premium protection fees for the foreseeable future. "In our experience, migrations from previous versions of Windows involving Irish organisations with more than 200 users took 12 months to complete on average," said a report on the issue from the consultancy Auxilion.

"Of course, there are instances where the process can be completed in a much shorter time but, in almost every case, the migration time was much longer than initially anticipated by the client."

The overall cost to Irish businesses, Auxilion's report said, could be as much as €200m, based on the number of corporate devices in the market.

And there could be a squeeze on resources to help the process.

"Companies in that situation have no guarantee that a quick solution will be available in 2020, as demand for migration support services is likely to remain strong for quite some time," said the Auxilion report.

"Ireland has been quite slow to migrate to Windows 10, and there will likely be extreme resource constraints for projects starting in the latter part of 2019 and in 2020.

"The fact is that the IT industry simply doesn't have the capacity to meet a surge in demand from late migration projects."

As for what small companies can do now, Microsoft said they should go to a third-party vendor instead of it.

"We have a fast-track service to help customers with migration to Windows 10, but that's mainly for enterprise customers," said Ms Finnerty.

"Smaller companies should go through their channel partners."

Indo Business