End of windows 10 support signal urgent action needed from UK organisations as cyberattacks continue to rise
Recent breaches at major UK retailers, combined with the approaching end of life of
Windows 10, highlights a critical moment for IT resilience planning.
The recent wave of cyberattacks targeting major UK retailers has highlighted the growing
security risks associated with organisations running outdated systems and applications and
maintaining weak identity verification protocols. These incidents—particularly those involving
Marks & Spencer and the Co-Op—have starkly exposed how vulnerable legacy
infrastructure and insufficient access controls can be.
In each case, attackers successfully used social engineering or posed as legitimate
employees and manipulated IT help desks into resetting internal passwords, ultimately
gaining access to critical systems. The breaches led to serious operational disruption and
substantial financial consequences, underscoring the urgent need for organisations to
eliminate all areas of potential risks in line with today’s threat landscape.
With the end of Windows 10 support fast approaching, on 14th October 2025, these events
serve as a timely warning: continuing to rely on unsupported operating systems not only
increases exposure to such attacks but also reflects a broader gap in cyber resilience that
organisations must urgently address.
“These attacks are a stark reminder that security breaches often begin with people and their
lack of regular training,” said Roy Charman, CTO Infrastructure at Espria. “When outdated
systems are involved, it compounds the problem. Without security updates, patches and
support, any known vulnerabilities remain wide open to exploitation.”
Recent data shows that 52% of UK businesses are still operating on Windows 10. After
Microsoft withdraws all support in October, these systems will no longer receive security
updates or patches—leaving organisations increasingly vulnerable to threats and long-term
cyber risk.
“The real concern is not just the deadline—it’s the lack of preparedness,” continued
Charman. “Many organisations have yet to assess which of their devices can be upgraded,
which need replacing, and what the rollout timeline should look like. Delaying that process
leaves very little room to act effectively later.”
“We’re not just talking about technology upgrades; we’re talking about safeguarding day-to-
day operations, customer data and organisational resilience,” he added. “This is a window of opportunity to strengthen security across the board—not just by moving to a supported OS,
but by re-evaluating the basics, like password policies, help desk verification protocols, and
device hygiene.”
Security experts at Espria advise organisations to take the following steps without delay:
- Audit all devices still running Windows 10 to assess compatibility for upgrade
- Develop a structured migration plan to Windows 11, prioritising systems that
handle sensitive data or critical operations - Strengthen help desk protocols and identity verification processes to reduce the
risk of social engineering attacks - Ensure endpoint protection tools are fully deployed, updated and aligned with
current threat landscapes
With Microsoft’s support deadline now just five months away, organisations are being urged
to make the transition a strategic priority.
Charman concluded, “These incidents make one thing clear: attackers aren’t relying on
sophisticated hacks—they’re exploiting basic oversights in process and system
maintenance, continuing to run Windows 10 past its support deadline isn’t just a technical
risk—it’s an open invitation to be targeted next.”
You may be interested in
Why Businesses Should Invest in ESG: Lessons learned by Espria
In today’s competitive landscape, Environmental, Social and Governance (ESG) performance is no longer just a “nice to have”—it is a critical business imperative. Companies that prioritise ESG are better positioned for long-term success, risk mitigation, and reputation enhancement. Today’s world demands more from companies than just financial performance. Customers want transparency. Employees want purpose. Investors want resilience. ESG helps businesses manage risk, seize new opportunities and build trust with the people who matter most. It is how you can stay competitive, stay responsible and stay relevant in a fast-changing world. A powerful case study of…
The Importance of Compliance and Security: Complementary Forces in Today’s Business World
In today’s rapidly evolving business landscape, compliance and security have become paramount. These two elements, often perceived as hurdles, are in fact complementary forces that drive business success and sustainability. Understanding their importance and how they work together can transform them from perceived blockers into enablers of growth and innovation. The Role of Compliance Compliance refers to adhering to laws, regulations, standards and ethical practices relevant to an industry. It ensures that a company operates within the legal framework and maintains its reputation. Compliance is not just about avoiding fines and legal issues; it is…
Businesses are losing money and jeopardising security to IT sprawl and quick fixes, says Espria
IT Leaders must take action on unchecked technology sprawl and shadow IT that are draining budgets, increasing cyber risks, and complicating their digital environment. According to a recent study, budgets towards insider risk management have doubled in the past 12 months, with 81% of business leaders looking to secure their internal business infrastructure as geopolitical tensions escalate and remote workforces become the norm. ‘Digital transformation ushered in new possibilities and solutions for computing, but it also introduced a potential for sprawl that burdens IT teams everywhere,’ said Brian Sibley, Virtual CTO at Espria. ‘When faced…
Espria launches Espria Connect, enhancing Microsoft Teams with Advanced Unified Communications
The new product, Espria Connect, isn’t just another telephony solution. It’s a game-changer, offering a cost-effective, scalable, and secure telephony solution for SMBs, mid-market and enterprise customers. Combining the power of Microsoft Teams with Cloud-Based Unified Communications, Espria, the leading managed services provider, is excited to introduce Espria Connect. This powerful solution streamlines business communication infrastructure and addresses the growing demand for a unified communication solution that supports hybrid work environments. Designed for businesses of all sizes, Espria Connect allows users to manage voicemail, make and receive calls, and access a diverse range of other…
Reimagining education: How AI is changing the way we teach, learn, and collaborate in schools
Technology has long been used by educators to support teaching and operations, facilitating staff with a wide range of platforms and resources. A particular tool that has sparked both controversy and curiosity is the inclusion of artificial intelligence (AI). A study by BCS, the Chartered Institute for IT, found that most teachers are reluctant to use AI for pupil learning with 84% of educators not changing the way they assess their students’ work. This comes after Ofsted recently launched an independent review on the use of AI in schools and how to develop the understanding of…
Espria launches CSP renewal assessment service
Leading managed service provider launches new service to address the costs associated with software sprawl, helping to drive down OpEx as businesses increasingly feel the financial squeeze. Espria, a leading digital solutions provider, has launched a free M365 Licence Assessment programme to help businesses save costs by reviewing existing licence estates and identifying those licences not in use or no longer being utilised. With Microsoft recently changing how they sell and structure licenses, businesses must now reassess their current M365 licenses, looking for ways to reduce costs and keep the capabilities they need as they…