Are you prepared for the Windows 10 transition? It's a question that's been asked many times and in many different ways over the past few months, as we inch closer and closer to 2020.
But here's a question you probably haven't heard, which may be just as important: Is your financial institution PCI DSS 6.2 compliant? If you're still using Windows 7, the answer may soon be a resounding no. Here's why:
As you're surely aware, the Payment Card Industry Security Standards Council develops and maintains the security standards that govern how organizations store, process and transmit cardholder data, with the aim of reducing payment fraud and protecting account holders. It does this by publishing standards, guidance and assessment procedures; the card brands and acquiring banks are the ones that enforce compliance and levy penalties.
What is PCI DSS 6.2?
One of those requirements is PCI DSS Requirement 6.2. The supporting guidance is fairly lengthy, but the requirement itself (PCI DSS v3.2.1) reads:
"Ensure that all system components and software are protected from known vulnerabilities by installing applicable vendor-supplied security patches. Install critical security patches within one month of release."
Otherwise known as the 30-day patch rule, this requirement means that financial institutions must install the vendor's critical security patches within a month of their release, and lower-risk patches within a reasonable period after that (the standard's guidance suggests within three months). Those that do not leave themselves exposed, and if a breach follows they face fines and penalties for non-compliance on top of the damage to their account holders' data.
Here is the catch: with Windows 7 reaching end of support on January 14, 2020, Microsoft will no longer release security patches for it. Why does that matter? Since the operating system's original release in 2009, Microsoft has had to patch close to 1,000 publicly catalogued security vulnerabilities in it, according to CVE data compiled by the MITRE Corporation, so it is all but certain that more will be found. From the first post-January vulnerability onward there will be no "applicable vendor-supplied patch" to install, and any system still running Windows 7 can no longer meet 6.2. (The one exception is Microsoft's paid Extended Security Updates program, which continues Windows 7 security fixes for up to three years for organizations that buy into it; that buys time, but it is a stopgap, not a fix.)
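One way to find the hosts that are already on the wrong side of the 30-day rule, or that are about to be, is to inventory each machine's OS version and the age of its newest installed patch. The following PowerShell script is an added example and not BranchServ's or Microsoft's code; it assumes it runs locally with rights to query Win32_OperatingSystem and installed hotfixes, and the 30-day threshold and the list of unsupported version numbers are this example's own assumptions.

```powershell
# Added example (not BranchServ's code): flag a Windows host that fails the
# PCI DSS 6.2 30-day expectation, either because its OS no longer receives
# vendor patches or because its newest installed patch is too old.
# Assumes local execution with rights to query CIM and installed hotfixes.

$MaxPatchAgeDays = 30                 # assumption: the 6.2 critical-patch window
# Assumption for this example: NT 6.1 is Windows 7 / Server 2008 R2, out of
# extended support on 2020-01-14 unless covered by paid ESU.
$UnsupportedVersions = @('6.1')

$os = Get-CimInstance -ClassName Win32_OperatingSystem
$verMajorMinor = ($os.Version -split '\.')[0..1] -join '.'

$report = [ordered]@{
    ComputerName = $env:COMPUTERNAME
    OSCaption    = $os.Caption
    OSVersion    = $os.Version
    Unsupported  = ($UnsupportedVersions -contains $verMajorMinor)
    LastPatch    = $null
    PatchAgeDays = $null
    Compliant    = $false
    Reason       = @()
}

# Get-HotFix lists installed updates; InstalledOn is blank for some entries,
# so drop those before picking the most recent one.
$lastPatch = Get-HotFix |
    Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending |
    Select-Object -First 1

if ($lastPatch) {
    $report.LastPatch    = $lastPatch.InstalledOn
    $report.PatchAgeDays = (New-TimeSpan -Start $lastPatch.InstalledOn -End (Get-Date)).Days
}

if ($report.Unsupported) {
    $report.Reason += "OS version $verMajorMinor no longer receives vendor security patches"
}
if ($null -eq $report.PatchAgeDays) {
    $report.Reason += "no dated hotfix records found; verify against WSUS/SCCM"
} elseif ($report.PatchAgeDays -gt $MaxPatchAgeDays) {
    $report.Reason += "newest patch installed $($report.PatchAgeDays) days ago (limit $MaxPatchAgeDays)"
}
$report.Compliant = ($report.Reason.Count -eq 0)

[pscustomobject]$report | Format-List
```

Two caveats on reading the output. The age of the newest patch is only a quick screen: 6.2 is about every applicable critical patch being installed, so a host can show a recent patch date and still be missing an older one, which is why the real check belongs in your patch-management system. And a host flagged Unsupported fails regardless of patch age, because no patch it could install would cover a vulnerability disclosed after end of support.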
Financial sector often preyed upon
That's a problem, because of all the industries in the world, the financial sector is among the most targeted, according to the Identity Theft Resource Center. In fact, the page's source puts FIs at 300 times more likely to be hit by a security incident than organizations in other industries.
ATMs in particular have been in attackers' crosshairs. They are ripe for the picking: as many as 85% of ATMs tested were found to be poorly protected against network attacks, according to analysis published by Positive Technologies last year.
Securing your ATMs and your FI as a whole is a multi-pronged process, of course, involving both physical security as well as electronic security. However, there's a fairly straightforward solution to Microsoft no longer producing patches for Windows 7 – migrating your systems to the Windows 10 operating system.
Functionality improvements have earned Windows 10 much of its reputation. Where it particularly earns its keep, though, is in its resistance to the range of attacks aimed at it, from malware to denial of service. That resistance is part of the reason the ATM Industry Association called on FIs to make the transition back in 2015, nearly four years before Windows 7's official end of support.
So why has adoption taken so long? There were Windows 10 kinks to be ironed out, some of them with the help of Positive Technologies. For instance, PT's Mikhail Tsvetkov identified a vulnerability in the Windows 10 DHCP client that could have let an attacker on the same network, for example from a mobile device running a rogue DHCP server, compromise a machine; Microsoft has since patched it. With those early issues resolved, banks and credit unions now have little reason to hold back.
Windows 10 users have defenses older OSes don't
Attackers are constantly looking for any opening they can exploit, which is why Microsoft has been urging all Windows users, consumers included, to move to a supported OS. Thanks to the security capabilities built into Windows 10, many of the weaknesses in legacy Windows versions simply don't apply to Windows 10 users, according to Forbes.
An eye-opening 80% of organizations fail to maintain PCI DSS compliance, according to a report from Verizon. Upgrading to a supported OS will not make your FI compliant by itself, but with Windows 7 losing vendor patches, moving to Windows 10 is a necessary step toward meeting Requirement 6.2, and it shores up your security in the process.
BranchServ is your optimization headquarters. We're in the business of helping FIs adapt to the ever-changing security landscape. BranchServ can supply you with the insight, technology and time-saving enhancements that yield results. Please contact us for a free demo.