Greater Manchester Police is England’s second biggest police force, and it has been revealed today that one in five of its computers was still running the outdated Windows XP as of July.
Greater Manchester Police told the BBC that 1,518 of its PCs ran the ageing and vulnerable operating system – 20.3% of all the office computers it used.
The vulnerability of outdated software was exposed in disastrous fashion by WannaCry and (Not)Petya this year, and experts warn that today’s news points to a serious hacking risk.
“Even if security vulnerabilities are identified in XP, Microsoft won’t distribute patches in the same way it does for later releases of Windows,” said Dr Steven Murdoch, a cyber-security expert at University College London.
“So, if the [police’s] Windows XP computers are exposed to the public internet, then that would be a serious concern.”
“If they are isolated, that would be less of a worry – but the problem is still that if something gets into a secure network, it might then spread. That is what happened in the NHS with the recent WannaCry outbreak.”
In response, Greater Manchester Police said it was reducing its reliance on XP “continually”.
“The remaining XP machines are still in place due to complex technical requirements from a small number of externally provided highly specialised applications,” a spokeswoman told the BBC.
“Work is well advanced to mitigate each of these special requirements within this calendar year, typically through the replacement or removal of the software applications in question.”
David Emm, principal security researcher at Kaspersky Lab, commenting on this news, said: “It is now more than three years since Microsoft stopped supporting Windows XP. Yet just months after the WannaCry epidemic underlined the importance of ensuring that the latest patches are applied, we learn that England’s second biggest police force ‘appears to be running outdated Windows XP’. It’s alarming that some organisations continue to use Windows XP. The fact that Microsoft issued emergency updates for XP and other unsupported systems in response to the WannaCry outbreak shouldn’t lure organisations into a false sense of security: there’s no guarantee that this would happen for future attacks.”
“It is important to remember that cybercriminals target systems and applications that are widely used. Even if companies are running the latest software, it is still crucial that they have preventive measures in place to protect themselves from ransomware attacks.”
Kaspersky Lab’s top tips for businesses are:
• Install updates to all devices as soon as they become available.
• Back up data regularly.
• Use a reliable security solution, and remember to keep key proactive detection features switched on.
• Encourage staff to adopt a security mindset – in particular, to exercise caution when opening mail attachments or clicking on links.