According to a report in the Financial Times, Microsoft will stop issuing security patches and updates for bugs in the Windows XP system starting from the 8th of April 2014. This leaves 95% of all ATMs which run the operating system vulnerable to hacking. Machines that run on outdated operating systems that are not receiving security updates are the easiest to hack.
It is stated in the same report, which cites information from NCR the largest provider of ATMs, only a third of ATMs will be able to upgrade before the 8 April deadline. This cut-off date has been a long time coming as Microsoft has been trying to wean user off Windows XP.
Its attempts to migrate users off the system in 2007 were unsuccessful because of its popularity. This led to a 7 year extension which will now expire, starting with support. According to a separate report from Business Insider, Windows XP, which was first released in 2001 is Microsoft’s second most popular operating system.
Most institutions had been putting off system updates as the process is complicated and expensive. Any further delays to system upgrades might save banks money and the complications in the short term but this increases the risks of hacking.
Whatever updates Microsoft issues for its three newer operating systems can be reverse engineered to identify weaknesses in Windows XP. In the same report from the Times, Timothy Rains, Microsoft’s director of Trustworthy Computing is quoted as confirming with certainty the risk of attacks based on updates for Windows Vista, Windows 7 and Windows 8.
In other reports, it has been suggested that banks will likely engage Microsoft in special arrangements for extended security support. Analysts also expect that financial institutions will invest more in other forms of cyber security.
Rains has warned how developing countries are at a risk of experiencing a rise in malware frequency which is attributed to high incidents pirated software use. While all of this is a huge issue on a global scale it remains to be seen whether Zimbabwe’s own financial services institutions are geared for what might happen.