Whilst every marketing person will talk about the latest and greatest tech innovation and product, how much does that reflect the reality of technology deployed in the world? Everyone is running Windows 11 and Windows Server 2022 right?! They also don’t use computers, because everything is cloud and mobile first right! and security, well everyone has that down as well! Great… let’s just go and check those statements out… oh wait…. no maybe err.. let’s take a look with our friends at shodan.io
And finally, the USA
This will vary by country and the internet exposed surface is NOT the definitive state of “how things are”, this is just one view of some of the top of the iceberg as it were.
The most common version of Windows exposed in the UK is Windows 10 Build 17763 – October 2018 Update or Windows 10 1809.
The next version appears to be Windows Server 2012 R2 – 6.3.9600
What does this tell us?
It tells us there is a dela and lag between “the art of the possible” and the reality for most people (and organisations). If we zoom around a few different countries this pattern doesn’t change too much either. There is still a large amount of Windows Server 2012 / R2 era technology deployed in the world (I’ve got some customers who still have NT4, 2000, 2003, XP etc.).
It’s good to keep an eye on reality, it’s very easy for people to get view “that all is amazing and perfect” in my competitors, but it’s probably not. What this does tell us though is that we have a global challenge with cyber security. We have a challenge of society to build new technologies that are secure by design and by default, but also that we must all play our part to modernise, improve and rise the bar with regards to keeping society digitally safe. The longer old technology sits around, the harder it is to upgrade it (that means more expensive for those who only seem to get focused when money is involved!). It’s important to keep your systems up to date for so many reasons, let alone the security implications, but also we have a long way to travel, just upgrading to Windows Server 2022 and lifting and shifting the app will likely leave you with insecure defaults and the “joys” of the application side. It’s simple, isn’t it? Isn’t it?