The Register reports that the Tokyo Electric Power Company (TEPCO) has been instructed to upgrade its 48,000 Internet-connected PCs from Windows XP to a current and more secure operating system.
TEPCO is the owner of the notorious Fukushima Daiishi nuclear energy plant, which experienced a nuclear meltdown in 2011.
Apparently, TEPCO had initially deferred the upgrade as a cost-saving decision, and the upgrades could even have been deferred to as late as 2019, according to a press release issued by the company last year.
The Japan Board of Audit, a body that oversees government finances, has now ordered an urgent upgrade, which TEPCO has reportedly accepted.
It is almost unimaginable that a large utilities provider that operates in a critical sector could still be using Windows XP. Microsoft officially withdrew support for Windows XP in April 2014, making this month a year since the operating system has been without crucial security updates. It is common knowledge that PCs running Windows XP are not secure and are at risk of infection by a host of unwanted intruders.
In a world where malware can provide unauthorised access to systems, networks and data, the decision to defer an upgrade of critical software owing to budget constraints is nothing short of reckless.
It has been proven that outdated and unpatched devices present a major security risk for companies, as they are substantially more vulnerable to outside cyber threats. And the longer the software remains unpatched or not updated, the higher the risk. According to HP’s 2015 Cyber Risk Report, 44% of data breaches in 2014 exploited known vulnerabilities that were between two and four years old.
If you are still looking for a simple and cost-effective solution to identify your information security risks and provide audit-ready reports, look no further than vsRisk, the leading cyber security risk assessment software. vsRisk is straightforward, quick to use, and can save you a significant proportion of the budget that you might otherwise spend on consultancy advice when conducting a risk assessment.