windows 11 — why its security features make upgrading worthwhile.

get the whitepaper

So, the “last version of Windows,” as proclaimed by a Microsoft developer about Windows 10 didn’t prove to be exactly right — hence we now have Windows 11. Two major factors have necessitated Windows 11: the pandemic advancing remote work and, somewhat related, advances in cybersecurity threats and protections.

Data breaches and ransomware grew at breathtaking rates during the pandemic. The website securityboulevard.com anticipated that, in 2021, ransomware attacks would be 60 times the cost compared to what they were in 2015 — when Windows 10 was first released. The overwhelming majority of malware attacks are directed against Windows computers. For these reasons and more, Windows 11 integrates Zero-Trust security tools by default, keeping security front and center to thwart hackers.

One of the issues with Windows 10 was not that it didn’t offer effective security tools — it was that enabling many of these tools was left up to the users, many of whom chose to ignore them. With Windows 11, these features are enabled out of the box — including three primary measures:

  1. Perhaps the one that has gotten the most attention is the Trusted Platform Module or TPM. This chip, which might require users to update hardware, provides a much higher level of tamper resistance, thereby making it much less vulnerable to malware and ransomware.
  2. The operating system’s Core Isolation Features, which were available in Windows 10, are now automatically enabled to insulate the system from a range of attacks.
  3. The UEFI Secure Boot (for Unified Extensible Firmware Interface), is a PC-industry specification defining the software interface between the operating system and the PC’s firmware. It keeps hackers from replacing the system’s intended software with their malicious code during the system boot.

Although these aren’t the only security measures embedded in Windows 11, for example, Microsoft Defender apps are still part of the OS, and they do serve to increase the level of protection now offered to Windows users.

weighing the costs of updating versus the potential cost of ransomware

Not surprisingly, many organizations are going to pause before upgrading from Windows 10 to Windows 11, in part to avoid the cost of replacing hardware. This isn’t unreasonable, but keep in mind that the cost of a hardware refresh might only be a fraction of the cost of recovering from some sort of breach or malware infestation. In 2020, recovering from a ransomware attack cost an average of $761,000. Just a year later the cost had spiraled to $1.85 million. According to Palo Alto Networks, the largest confirmed ransom paid by a company in 2021 was $11 million. You can buy a lot of new computers for that price — and that $11 million didn’t include the lost time, the lost business, the higher insurance premiums and more that the targeted firm had to incur just to resume normal operations.

Of course, improved security isn’t the only justification for adopting the new OS. Windows 11 was designed to provide a consistent experience across devices,  plus support for Android applications is now accessible via the revamped Microsoft Store. With that said, however, security is still a major reason for upgrading.

According to Tom Ruden, senior solutions architect at Randstad Technologies, “For the enterprise, we see security and management as the main drivers for Windows 11 adoption — along with aligning with and accelerating the M365 Security Stack, providing a hardware root-of-trust to prevent malware and ransomware and facilitating the adoption of a password-less environment.”