Microsoft’s support for the Windows XP operating system will cease as of April 8, 2014, says a joint statement (link at end of this article). This discontinuation of support will produce fallout, in the form of security issues, for financial institutions and their technology providers, says the Federal Financial Institutions Examination Council.
I am an expert on personal security and identity theft, and a speaker and trainer on information security and personal protection. Many people have been asking me about the potential problems with this discontinuation, so below is helpful information.
Summary of FFIEC’s Joint Statement Concerning the End of Microsoft Support for Windows XP Operating System
- Financial institutions, technology service providers (TSPs) and third-party-supported activities may experience operational risks.
- These entities should identify, evaluate and manage these potential risks to preserve safety, soundness and efficacy of product and service delivery.
What the Discontinuation of Microsoft XP Support Means
- Windows XP will no longer receive regular security patches or technical assistance.
- Increased operational risk may affect financial institutions, TSPs and relevant third-party supporters that depend on XP for personal computers and other devices such as ATMs.
- Possible consequences include deterioration in delivery of various services and products; application glitches; increased vulnerability to data theft; unauthorized deletions or additions; and data alteration.
- TSPs and financial institutions that are subject to the requirements of the Payment Card Industry Data Security Standard and that continue to rely upon XP after support is discontinued may no longer be compliant.
- It’s crucial for financial institutions and TSPs that continue using XP to monitor their risk management processes to keep ahead of potential risk issues that are outlined in the FFIEC Information Technology Examination Handbook.
Some Important Considerations About the XP Support Discontinuation
- Identifying and measuring risks, including those involving disaster recovery situations and business continuity, from continued XP use throughout the entity’s organization and at third parties.
- Developing solutions by considering costs and potential risks that include those affecting other systems and applications.
- Planning that addresses priorities for making suitable changes, including monitoring relevant third-party resolution activities.
- Monitoring and managing risk resolution implementations. This may include implementing controls that are designed to supply additional monitoring for systems supported by XP and protecting XP from possible threats.
One of the FFIEC’s recommendations for financial institutions involves complex device identification, a technology that helps protect online systems from fraud.