End of windows 10 support signal urgent action needed from UK organisations as cyberattacks continue to rise

Recent breaches at major UK retailers, combined with the approaching end of life of Windows 10, highlights a critical moment for IT resilience planning
The recent wave of cyberattacks targeting major UK retailers has highlighted the growing security risks associated with organisations running outdated systems and applications and maintaining weak identity verification protocols. These incidents—particularly those involving Marks & Spencer and the Co-Op—have starkly exposed how vulnerable legacy infrastructure and insufficient access controls can be.
In both cases, attackers successfully posed as legitimate employees and manipulated IT help desks into resetting internal passwords, ultimately gaining access to critical systems. The breaches led to serious operational disruption and substantial financial consequences, underscoring the urgent need for organisations to eliminate all areas of potential risks in line with today’s threat landscape.
With the end of Windows 10 support fast approaching, on 14th October 2025, these events serve as a timely warning: continuing to rely on unsupported operating systems not only increases exposure to such attacks but also reflects a broader gap in cyber resilience that organisations must urgently address.
“These attacks are a stark reminder that security breaches often begin with people and their lack of regular training’,” said Roy Charman, CTO Infrastructure at Espria. “When outdated systems are involved, it compounds the problem. Without security updates, patches and support, any known vulnerabilities remain wide open to exploitation.”
Recent data shows that 52% of UK businesses are still operating on Windows 10. After Microsoft withdraws all support in October, these systems will no longer receive security updates or patches—leaving organisations increasingly vulnerable to threats and long-term cyber risk.
“The real concern is not just the deadline—it’s the lack of preparedness,” continued Charman. “Many organisations have yet to assess which of their devices can be upgraded, which need replacing, and what the rollout timeline should look like. Delaying that process leaves very little room to act effectively later.”
“We’re not just talking about technology upgrades; we’re talking about safeguarding day-to-day operations, customer data, and organisational resilience,” he added. “This is a window of opportunity to strengthen security across the board—not just by moving to a supported OS, but by re-evaluating the basics, like password policies, help desk verification protocols, and device hygiene.”
Security experts at Espria advise organisations to take the following steps without delay:
- Audit all devices still running Windows 10 to assess compatibility for upgrade
- Develop a structured migration plan to Windows 11, prioritising systems that handle sensitive data or critical operations
- Strengthen help desk protocols and identity verification processes to reduce the risk of social engineering attacks
- Ensure endpoint protection tools are fully deployed, updated, and aligned with current threat landscapes
With Microsoft’s support deadline now just five months away, organisations are being urged to make the transition a strategic priority.
Charman concluded, “These incidents make one thing clear: attackers aren’t relying on sophisticated hacks—they’re exploiting basic oversights in process and system maintenance, continuing to run Windows 10 past its support deadline isn’t just a technical risk—it’s an open invitation to be targeted next.”
You may be interested in
Outgrowing your MSP; businesses need a provider that scales with their growth
To stay competitive, business leaders must align with MSPs that deliver strategic value, drive innovation, and support to scale. Now firmly into 2025, it’s becoming clear what the year has in store for the IT landscape. For SMBs, the message is clear: business growth must be matched with smarter, more scalable managed services. The demand for cyber-resilient, cloud-first and AI-integrated solutions is no longer a forecast – it’s a reality already shaping business priorities. According to leading global technology market analyst firm Canalys’ MSP Trends 2025 report, the MSP model is transforming under growing pressure…
UK SMEs must fortify their cybersecurity against geopolitical risks, says Espria
A recent Sky News investigation highlighted an uptick in cyberattacks tied to the Iran conflict that are targeting businesses across multiple sectors. Speaking at the NATO Summit, Prime Minister Sir Keir Starmer urged UK businesses, regardless of size or sector, to prioritise cybersecurity and ‘take immediate steps to review and strengthen their defences.’ While the warning is timely in tone, businesses are already becoming targets of politically motivated cyberattacks, emphasising the need for heightened vigilance. “As tensions spread globally, threat actors will continue to exploit digital vulnerabilities, and neutral businesses may be caught in the…
End of windows 10 support signal urgent action needed from UK organisations as cyberattacks continue to rise
End of windows 10 support signal urgent action needed from UK organisations as cyberattacks continue to rise
Why Businesses Should Invest in ESG: Lessons learned by Espria
In today’s competitive landscape, Environmental, Social and Governance (ESG) performance is no longer just a “nice to have”—it is a critical business imperative. Companies that prioritise ESG are better positioned for long-term success, risk mitigation, and reputation enhancement. Today’s world demands more from companies than just financial performance. Customers want transparency. Employees want purpose. Investors want resilience. ESG helps businesses manage risk, seize new opportunities and build trust with the people who matter most. It is how you can stay competitive, stay responsible and stay relevant in a fast-changing world. A powerful case study of…
The Importance of Compliance and Security: Complementary Forces in Today’s Business World
In today’s rapidly evolving business landscape, compliance and security have become paramount. These two elements, often perceived as hurdles, are in fact complementary forces that drive business success and sustainability. Understanding their importance and how they work together can transform them from perceived blockers into enablers of growth and innovation. The Role of Compliance Compliance refers to adhering to laws, regulations, standards and ethical practices relevant to an industry. It ensures that a company operates within the legal framework and maintains its reputation. Compliance is not just about avoiding fines and legal issues; it is…
Businesses are losing money and jeopardising security to IT sprawl and quick fixes, says Espria
IT Leaders must take action on unchecked technology sprawl and shadow IT that are draining budgets, increasing cyber risks, and complicating their digital environment. According to a recent study, budgets towards insider risk management have doubled in the past 12 months, with 81% of business leaders looking to secure their internal business infrastructure as geopolitical tensions escalate and remote workforces become the norm. ‘Digital transformation ushered in new possibilities and solutions for computing, but it also introduced a potential for sprawl that burdens IT teams everywhere,’ said Brian Sibley, Virtual CTO at Espria. ‘When faced…