One of England’s biggest police forces has revealed that more than one in five of its computers runs on Windows XP.
The figures, obtained by the BBC through a freedom of information request, show that 1,518 of Greater Manchester Police's computers were still using the XP operating system. That figure represented 20.3% of all the computers used in the force.
Windows XP is a legacy operating system that is no longer supported by Microsoft and many vendors. As a result, it is well known for being riddled with vulnerabilities, which makes it very attractive to cyber criminals.
Given all the issues that the NHS suffered in the WannaCry outbreak following their use of legacy systems, you might expect the police to be ahead of the curve on this issue. There is the potential here that those fighting cybercrime are at huge risk of becoming victims of it. Although this all seems counter-intuitive, there are a number of reasons why businesses continue to use Windows XP, the most common being that their hardware or software is designed for Windows XP, and there would be huge cost implications if they were to migrate to a newer version. This is typically more of an issue in the public sector and it’s no surprise that GMP has yet to fully migrate.
Given the high value of the data that GMP and the Police National Computer network hold, they must look at the solutions available to help secure their legacy systems. The best way to do this is to adopt a proactive defence-in-depth approach to security. This can be done by layering different solutions on top of each other, such as privilege management to minimise user access and application allow listing to safeguard against malicious applications, as well as network filtering and segregation to limit the system’s exposure to threats.
James Maude is the Lead Cyber Security Researcher at BeyondTrust’s Manchester, U.K., office. James has broad experience in security research, conducting in-depth analysis of malware and cyber threats to identify attack vectors and trends in the evolving security landscape. His background in forensic computing and active involvement in the security research community makes him an expert voice on cybersecurity. He regularly presents at international events and hosts webinars to discuss threats and defense strategies.