The biggest security threat of 2015?
Microsoft's support programme for Windows Server 2003 (WS2003) is currently in the extended support phase, which is scheduled to cease on 14 July 2015. After that date, if a new security vulnerability is discovered, there is no commitment that a fix will be produced and released by Microsoft, nor will it address non-security defects or assist customers that encounter problems.
Windows Servers run systems that are the lifeblood of organizations and like that of Windows XP, the support deadline for WS2003 presents a significant liability. In 2014, there were a reported 22 million instances of WS2003 running worldwide, underlining why many in the InfoSec community see WS2003 end-of-life as the biggest security threat of 2015.
Time vs Security
In a similar vein to Windows XP, WS2003 benefits from a largely positive reputation for being stable, a trusted OS. This trust may have prevented organizations from undertaking migrations until very late in the day, if at all. For many in the enterprise community, it can be common to find a "if it isn't broke, don't fix it" mentality.
Despite some turning a blind eye to the issue, many others face another battle, that of time. In today's security landscape, organizations are so consumed spending significant amounts of time firefighting waves of malware that they simply don't have the capacity to plan migrations as thoroughly and diligently as they should. In fact, Ponemon recently found that US businesses spend around $1.3million each year chasing cyber threats that don't ever materialise, not to mention countless hours in lost productivity.
Finding a solution
It's clear then that organizations need to find a balance, a strategy or approach that affirms security on the one hand, but also promotes productivity on the other, freeing IT teams to focus less on the pitfalls of WS2003 end-of-life, and more on keeping the business secure and moving.
Read more about WS2003 end-of-life and what it means for you by visiting our hub page.
James Maude, Lead Cyber Security Researcher
James Maude is the Lead Cyber Security Researcher at BeyondTrust’s Manchester, U.K., office. James has broad experience in security research, conducting in-depth analysis of malware and cyber threats to identify attack vectors and trends in the evolving security landscape. His background in forensic computing and active involvement in the security research community makes him an expert voice on cybersecurity. He regularly presents at international events and hosts webinars to discuss threats and defense strategies.