Indian Banks have received a note from IBA asking them to develop a transition policy to ensure their operations continue uninterrupted after April 8th, the day which has been earmarked by Microsoft to officially end support to one of its most famous Desktop Operating Systems; Windows XP
Why is IBA concerned by Microsoft? Developed and released over a decade ago, Windows XP was one of the most powerful and versatile Desktop OS of that time. Post Windows 98, Windows XP, created a furor in the Personal Computing (PC) market. Its adoption was and still is so phenomenal that despite its maker releasing 2 subsequent iterations, Windows 7 and Windows 8 (Windows 8.1 is out too), Windows XP still runs on many older systems.
Being emergent at the same time, Indian Banks, including Public Sector Units (PSUs) eagerly adopted Windows XP as the core OS, but now they appear to be highly reluctant to upgrade. As per recent estimates by Microsoft itself, there are more than 34,000 Branches of PSU Banks that have computers running Windows XP. Overall more than 70% of workstations run this outdated OS.
With no official support to patch security vulnerabilities, newly discovered loopholes might prove to be an easy entry point for hackers to steal whatever they please. As if the Computers not running an updated and secure version of Windows, is bad enough, it has been discovered that majority of the Automated Teller Machines (ATM) too have Windows XP as their Primary OS.
Risk Mitigation is by far one of the most routine activities that banks indulge in. Ironically, their computers and even the ATMs will soon become the most susceptible component of the system and it will be just a matter of time when a hacker will plug–in a home–made component into the communications port of an ATM and empty it out without arousing any suspicion.
Citing such ludicrous reasons as heavy expenditure involved in updating the OS on the Desktops and ATMs, banks have yet to take concrete steps. But Amrish Goyal, Microsoft India GM (Windows Business) was quick to add,
“We also have special offers for banks to encourage them to upgrade their systems”
Are such passive persuasive steps truly required to ensure the security of infrastructure that handles the core financial systems of Indian Citizens?