Windows XP usage a concern for CERT Australia

Cyber Crime and Security Survey finds 13 per cent of organisations had no plans to migrate off XP

Computer Emergency Response Team (CERT) Australia is urging companies that haven’t migrated off the Windows XP operating system (OS) to start doing so because they are at increased risk of network vulnerability.

The 2013 Cyber Crime and Security Survey received responses from 135 businesses that partner with CERT Australia.

The survey found that 13 per cent of respondents had no plans to migrate off XP, despite support and patching ending on 8 April 2014.

In addition, 8 per cent of businesses surveyed did not know if they had IT security plans in place.

“Anecdotal reports indicate that cyber criminals have been stockpiling new XP attacks, waiting for support to end,” read the survey.

Of the organisations using XP, 79 per cent had migrated to new software.

XP was launched in October 2001. According to Microsoft, it has been supported for more than 12 years – longer than any other Windows OS.

Microsoft Australia's commercial product marketing manager, Emmanuele Silanesu, told Computerworld Australia in January 2014 that a full migration off XP can take up to six months, depending on the organisation’s size.

“Businesses will need to take into account the size of their employee base, the number of existing apps currently in use as well as the data that will need to be migrated. All these aspects can be roadblocks to the migration path and add time to the process,” he said at the time

Risk register

Turning to other areas of concern, the report found that 61 per cent of businesses surveyed did not have cyber security incidents identified in their risk register.

“This may be linked with the identified need for management and CEOs to improve their IT security skills, practices and perhaps awareness,” read the report.

Commenting on this, Attorney-General George Brandis said that cyber security should be considered a “CEO or board issue” and not just an information security issue.

“Importantly, the survey indicates the cyber security conversation is shifting from being only about technology to also recognising social, behavioural and cultural factors,” he said in a statement.

For example, 60 per cent of respondents said that IT staff, the CEO and board of directors needed to improve their cyber security skills or practices.

This was because 57 per cent of respondents said the main internal factors that contributed to cyber security incidents were staff errors.

According to the report, 51 per cent of business surveyed said external targeted attacks had contributed to incidents, while the remaining 49 per cent indicated that third party risks were making their business potentially vulnerable.

“Constant review and improvement is important as there has been an overall increase in the number of cyber security incidents experienced by businesses, most of which have been targeted rather than random or indiscriminate attacks,” said Brandis.

CERT Australia’s report found that 56 per cent of the businesses surveyed had identified intrusions or incidents on their networks. This was an increase of 34 per cent on the 2012 findings where 22 per cent of respondents had found cyber security incidents.

Most of these incidents were targeted emails, followed by virus/ worm infection and Trojan or rootkit malware.

While cyber intrusion incidents were on the rise, the number of businesses that spent more on IT security had decreased by 25 per cent since the 2012 report.

According to CERT Australia, only 27 per cent of businesses surveyed spent more on IT security in 2013, compared with 52 per cent of businesses in 2012.

Brandis also had some cyber security advice for Australian businesses:

  • Understand the value of your information and how it is protected on your network
  • Create a culture of cyber security awareness and practices
  • Ensure cyber security incidents are identified in your business risk register.

Follow Hamish Barwick on Twitter: @HamishBarwick

Follow Computerworld Australia on Twitter: @ComputerworldAU, or take part in the Computerworld conversation on LinkedIn: Computerworld Australia

Read More:

Join the Computerworld newsletter!

Error: Please check your email address.

Tags Mircosoftwindows xpcert australiaGeorge BrandisCyber Crime and Security Survey 2013

More about Attorney-GeneralCERT AustraliaComputer Emergency Response TeamMicrosoft


Ari Ermawan


Not only businesses are not upgrading. Even individuals are staying on the fence, holding on to their existing machine / operating system.

There is no point for upgrading to Windows 8 family operating systems. The troubles are seen outweigh the benefit.

The troubles and annoyance that will arise due to the usability of Windows 8 family OS may be more "frightening" then the thought of chances of getting cyber attacked, as most people will get certain level of protection from their anti virus software already.

Windows 7 is the best. However, its getting hard to find as retailers have withdrawn their stocks (may be under instruction from or agreement with Microsoft) to sell more Windows 8.

Therefore, as long as Windows 9 is not coming out and proved an excellent replacement then we will still find many people using Windows Xp.



@ Ari, have you even used Win 8 or 8.1?
I have been using using Win 8 since day 1 of its release. Now using 8.1. Also I have a win phone 8.
I have never had an issue with a crash or software not running be it anti virus or the like. I have a good system 12 months old I custom built, 64 bit architecture. I use Photoshop CS5, video software as well as office 2007, I have never had an issue.
The reason people are holding off is due to the fact they are scared. I even installed my old Office 2003 to see if there was an issue, but hey presto the sky did not fall down. My 4 year old Fuji laser printer works fine as do all of my other hardware components. I have sold pc's over the years from win 3 then 3.1, yes the original IBM pc with 512 k ram and single floppy drive, right thru to what ever os that has come along.

People need to see the benefits of the new OS. I like the metro interface as I can see what I want at a glance rather than have to actually open a program to see. I have customized the metro interface into groups eg video editing, photo editing, internet, office etc.
Now with 8.1 the OS boots into the desktop and you have the old XP, etc desktop. Here you can place short cuts etc and set up as you wish. I find myself not using the desktop & go straight to the metro interface as its so much easier and faster.

No I am not a Microsoft employee or the like. Funny how you say win 8 is unusable, please explain more as I have yet to find anything that will not work, my Dslr camera, scanner, printers etc all work, cloud services work, Google, Apple iTunes and the like all work fine. I have 2 iPads an iPad Air & iPad 2 all connect to iTunes and can be updated, back up'ed and software purchased using Win 8.

Win XP is dead, it will not run updated Internet Explorer, Adobe products, iTunes or other software as it is so old. I cringe when friends say I use XP. Not to mention the security issues alone would make me update to at least Win 7.

Win 9 is going to be an updated Win 8 and bring Win Phone and tablets under the same roof like Apple is doing with IOS, funny you did not mention Apple not supporting any of their operating systems more than 2 years old. Apple have left you are left high and dry as they stopped support for older OS ages ago but still people use it.

The biggest issue here is people are scared of change, go to a computer shop like Dick smith or Harvey Norman and try the OS before you say its a dud.

Comments are now closed

UK plans Australia-style data retention regime