Windows XP: Upgrade or prepare to pay the price, warns Symantec

Small to medium-sized businesses using Windows XP need to upgrade to security-supported operating systems (OS) if they want to protect themselves from hackers or avoid expensive contracts with third-party support providers, according to security firm Symantec.
Symantec security strategist Sian John said the potential cost of a data breach means upgrading from XP makes sense from a business and a security perspective, during a press briefing.
"I think when you look at the cost of an upgrade it is cheaper to do the upgrade than to live with the alternative," she said.
"It's cheaper to upgrade from XP than it is to try and keep supporting it yourself or using a third party. If you are a small organisation I'd strongly urge you to look at the cost as a whole. It's always better to use a security-supported OS."
John's comments come on the same day that Microsoft officially ceases support for Windows XP. The cut-off means Microsoft will no longer issue security updates for newly discovered flaws in Windows XP. This has led to concerns within the security community that hackers have been hoarding Windows XP exploits, ready for a hacking frenzy once support ends.
Senior manager for Symantec Security Response, Orla Cox, said the company is taking steps to prepare for the predicted attacks. "I think it's a concern for organisations as so many are still on XP, there's a potential that hackers out there are sitting on exploits and we will be on alert. That's why even though XP is being cut off we're still providing protection," she said.
John said businesses running legacy systems that require the use of Windows XP should take advanced security measures to secure the systems. The Symantec security strategist highlighted work the company has done securing ATMs running XP as an example of how to mitigate the risk.
"Lock down the OS. Take a snapshot of what you need, set it up and make it so it can't be modified. Like our recent work locking ATMs with XP software, so only critical banking applications run," she said.
"If they [businesses] have got some software they can't upgrade to a newer OS, then they should lock down the OS in the same way. Keep it running on just the systems that need to run that software and make sure it's locked down."
Symantec is one of many security companies to warn firms of the dangers of continuing to use Windows XP. Security researchers from F-Secure called for businesses to reduce their use of Windows XP to a minimum earlier in March.