What dangers exist for your business if you decide to ignore end of support and forge ahead bleeding a little more life out of your current technology? Nothing and everything are the quick answers to that question.
When you’re in the business of technology, it’s hard not to feel like you’re also in the insurance industry–selling people on the potential dangers of everyday life and hoping that none of those scenarios come true.
Most everybody remembers the infamous Y2K apocalypse scare, where many were convinced that the dates in our computers switching to the year 2000 would cause them to spontaneously combust like the tapes from a Mission Impossible episode.
The truth was that most businesses and their computers were just fine.
Here we are again, and nobody is using the word apocalypse this time, but it is time for a change and I’m here to tell the cautionary tale of a former customer who buried their head in the sand and chose not to do anything the last time Microsoft retired some of their products.
In this case, PEI as the trusted advisor told the customer that they had a problem, told them what they should do about it, and explained the risks.
An End of Life Environment
In this scenario, this customer was notified by PEI that they had a piece of hardware in their environment that was running business critical applications. The operating system had reached end of life and was past the final support date.
The patching was out of date and the vendor for the business line application would not let us patch the server, meaning significant security vulnerabilities were at play. They also had the RDP port open, so they could take control of the machine easily when they needed to. But of course, that meant so could anyone else with enough desire and a little bit of skill.
If this sounds ominous–and it should–it’s for good reason.
Choosing Not to Act
Our recommendation was to upgrade this machine immediately to mitigate the risk to the rest of their business. The vendor for the business line application believed that PEI had overstated the risk and that this machine was not at risk for being compromised.
They considered their machine and its software to not be a security risk. This was the beginning of what might be termed a period of ‘second guessing’ by the customer. They believed PEI did not have their best interests in mind when recommending the replacement of this machine.
In the coming weeks, nothing out of the ordinary happened for this customer. However, the nature of cybercrime is such that criminals will look for a weakness and exploit the easiest entry point possible. The question really isn’t ‘if?’ and is definitely more ‘when?’.
Suffering the Consequences of End of Life
This machine was on their network, and cyber criminals eventually exploited a known weakness in the software, which was past end of support, unpatched, and had an open RDP port, to gain access to the machine.
From there, these criminals found their way through the rest of the machines on the network and infected every other machine with a Crypto Locker virus, even though the rest of the machines had current operating systems and current patches had been applied.
The next thing that happened was the inevitable finger pointing while trying to recover all of the lost data. A large bill was looming on the horizon and was going to come due. The business was at a dead stop while all of the recovery work took place. This means that on top of paying for emergency work to recover the data, the customer was also losing money from the downtime.
PEI was eventually able to restore this customer’s data as best as was possible. It’s a very expensive lesson to learn, and it shouldn’t require this type of tale to spur a business to act. This client treated their aging technology/software like an ostrich with its head in the sand and chose not to heed the warnings provided by their trusted advisor.
Preparing Your Business Environment for End of Support
We partner with our businesses to act as trusted advisors for a very good reason—we want to protect our customers from situations like this.
With four significant pieces of Microsoft technology reaching end of support by October 2020, we suggest you begin engaging with your IT Partner now to determine what will need to be done to protect your business from becoming someone else’s cautionary tale.
Darrin LeBlanc, PEI
Upcoming End of Support Dates and Resources:
SQL Server 2008/R2 Options Guide (End of Support Date July 9, 2019)
Windows Server 2008/R2 Options Walk Through (End of Support Date January 14, 2020)
Windows 7 end of support means no regular patches for operating systems on employee devices. Save money on an upgrade to Windows 10 and never worry about end of support again with a licensing bundle like Microsoft 365 or Microsoft Modern Desktop.
Office 2010 (End of Support Date October 13, 2020)
Office 2010 users can choose between capital or operational expense models when upgrading. Office 365 plans always include the latest updates as well as access to many powerful cloud services like OneDrive and Teams.