End of Windows 10 support signals urgent action needed from UK organisations as cyberattacks continue to rise
Recent breaches at major UK retailers, combined with the approaching end of life of Windows 10, highlight a critical moment for IT resilience planning
The recent wave of cyberattacks targeting major UK retailers has highlighted the growing security risks associated with organisations running outdated systems and applications and maintaining weak identity verification protocols. These incidents—particularly those involving Marks & Spencer and the Co-Op—have starkly exposed how vulnerable legacy infrastructure and insufficient access controls can be.
In both cases, attackers successfully posed as legitimate employees and manipulated IT help desks into resetting internal passwords, ultimately gaining access to critical systems. The breaches led to serious operational disruption and substantial financial consequences, underscoring the urgent need for organisations to eliminate all areas of potential risk in line with today’s threat landscape.
With the end of Windows 10 support fast approaching, on 14th October 2025, these events serve as a timely warning: continuing to rely on unsupported operating systems not only increases exposure to such attacks but also reflects a broader gap in cyber resilience that organisations must urgently address.
“These attacks are a stark reminder that security breaches often begin with people and their lack of regular training,” said Roy Charman, CTO Infrastructure at Espria. “When outdated systems are involved, it compounds the problem. Without security updates, patches and support, any known vulnerabilities remain wide open to exploitation.”
Recent data shows that 52% of UK businesses are still operating on Windows 10. After Microsoft withdraws all support in October, these systems will no longer receive security updates or patches—leaving organisations increasingly vulnerable to threats and long-term cyber risk.
“The real concern is not just the deadline—it’s the lack of preparedness,” continued Charman. “Many organisations have yet to assess which of their devices can be upgraded, which need replacing, and what the rollout timeline should look like. Delaying that process leaves very little room to act effectively later.”
“We’re not just talking about technology upgrades; we’re talking about safeguarding day-to-day operations, customer data, and organisational resilience,” he added. “This is a window of opportunity to strengthen security across the board—not just by moving to a supported OS, but by re-evaluating the basics, like password policies, help desk verification protocols, and device hygiene.”
Security experts at Espria advise organisations to take the following steps without delay:
- Audit all devices still running Windows 10 to assess compatibility for upgrade
- Develop a structured migration plan to Windows 11, prioritising systems that handle sensitive data or critical operations
- Strengthen help desk protocols and identity verification processes to reduce the risk of social engineering attacks
- Ensure endpoint protection tools are fully deployed, updated, and aligned with current threat landscapes
With Microsoft’s support deadline now just five months away, organisations are being urged to make the transition a strategic priority.
Charman concluded, “These incidents make one thing clear: attackers aren’t relying on sophisticated hacks—they’re exploiting basic oversights in process and system maintenance. Continuing to run Windows 10 past its support deadline isn’t just a technical risk—it’s an open invitation to be targeted next.”