particularly the payment cards which you so much treasure, may sadly
be like the proverbial basket used to store water. If recent
developments are anything to go by, only God will prevent hackers from
being smarter than you.
Do you know why? Microsoft server 2003 and 2003 R2, which supports the
platform, will come to the end of their life circles by July 2015.
This is a normal support life cycle policy for Microsoft.
The implication of this expected development is that over 25 million
electronic payment cards issued by 23 Nigerian banks could be at risk
of malicious and targeted attacks by cyber criminals.
With unconfirmed reports that banks in Nigeria, already lost N40
billion to online fraud cases in 2013 alone, when Microsoft's extended
support period for these products cuts off, next year, which means
that there may not be updates and patches for combating security
issues, loss of compliance and regulatory certifications for banks,
vulnerability may widen.
Industry practitioners have also expressed fears that the end of
support period will also mean that support on applications and
programmes will come to an end for any organisation, datacentre or
server running this Operating System (OS) after the stipulated date.
This lack of compliance, according to them, may come with a huge risk
for local financial services partnership with global Payment Platforms
like Visa, MasterCard among others.
Meanwhile, of the 25million e-payment cards in circulation, 18 million
were issued by Verve, a local card operator, which has over the years
built up strategic partnerships with MasterCard and Visa, for various
co-branded cards.
However, all hope is not lost for organisations that are proactive.
Chief Executive Officer, Wragby Business Solutions & Technologies
Limited, Mr Gbenga Iluyemi, admitted that the end of Windows 2003
support life circle will impact on payment platforms that run on the
Operating System, but added that it is only if they did not quickly
migrate to the latest version.
According to him, there is need for organisation to conduct critical
assessment on their networks and payment platforms "Payment cards,
Automated Teller Machines (ATMs) in the country that run on Windows
Server 2003 will be impacted, security wise, if they are not migrated
to a latest technology platform. Between now and 2015, it is crucial
for companies to make adequate plans. They will need to migrate to
Windows 2008 or Windows 2012 R2. But there is also need for them to
conduct critical assessment of their respective Information Technology
environments before embarking on a migration process."
He said that organisations that may be affected by this unfortunate
development would need to do an assessment of how many servers are
running on their platform, may need to understand how many apps are
sitting on their server. And thereafter, do a risk assessment before
deciding which of the latest platform to adopt.
Meanwhile Microsoft's PR Lead, West Africa Anglophone, Oluwamuyemi
Orimolade, in a recent interview, had warned that running WS03 after
the product's end of support date may expose the customer's business
to compliance and security risks.
He said "as the threat landscape evolves, unsupported and unpatched
environments are vulnerable to security risks. As a frame of
reference, 37 critical updates were released in 2013 for WS03. if a
company is still using WS03, this may result in an officially
recognised control failure by an internal or external audit body,
leading to suspension of certifications, and/or public notification of
the company's inability to maintain its systems and customer
information. Staying put on the old platform costs more in the end.
Hardware maintenance and advanced security systems will drive up
costs. "Failing to take advantage of new technologies and application
opportunities can hinder a company's success", he added. Microsoft
believes that traditional methods of modernising applications -
reinstalling, upgrading the machine or rebuilding are more complex,
expensive and time consuming than migrating applications onto a new
operating system. Besides, it introduces high risk to critical
line-of-business applications, and add no value when it comes to
modernising the infrastructure, increasing security and compliance
risks.
No comments:
Post a Comment