Banking Cyber Security

Posted in Legislation, Security

Banks have been asked to bolster their cyber defences by the regulator.
This is a Good Thing IMHO.

However, Windows XP, released in 2001, still forms a large part of a bank's IT platform (~34%). From April 8th 2014, Windows XP will no longer be supported by Microsoft.

For example: Dean Stewart, senior director of core product solutions at Diebold, one of the major ATM service providers, estimated that around 75% of ATMs in the U.S. are based on XP.  “Running an unsupported OS would render a financial institution non-compliant with payment card industry (PCI) requirements. If declared non-compliant in an audit, fines could run thousands — even tens of thousands — of dollars per month” according to Diebold’s Stewart.

If Microsoft no longer offers support for XP, the operating system will no longer receive any ongoing security patches. This means that once a security bug has been discovered, it will be open for all cybercriminals to use forever. Thus any bank with a Windows XP legacy will be wide open to cybercrime and will fall foul of the impending regulations.

To illustrate how easy it will be to compromise XP, this is a live attack on IE 6 through 11 that Microsoft has not yet patched but that is in the public domain and exploitable using Metasploit.

After April 8th next year, this sort of thing will never be fixed in Windows XP.

Where is bank cybersecurity then?
