This is just crazy or stupid. I would advocate that even small business should be getting off Windows 7 as fast as possible. But it is good enough for US voting machines (a huge impact attack surface that we know is already week – voting machines), really? This just does not make sense and demonstrates incredibly poor planning for one of the most important activities in our democracy – voting.
Much has been said / printed about the cybersecurity risks we all face with our digital information and transactions. But, i believe many of us underestimate just how easy and cheaply it is for ‘bad folks’ to get access, tools and other resources to do the work … for example, quote: “In another case, McGuire and Bromium found a database of passwords and PIN numbers that appeared to belong to customers of Qatar National Bank, a global bank with tens of billions of dollars in revenue, for sale for roughly $10.”
That quote was from an article referenced by Washington Post – https://www.cyberscoop.com/corporations-beware-dark-net-markets-selling-tools-targeting-accounts/
WAPO pointed to a Bloomberg post – you may need subscription https://www.bloomberg.com/news/articles/2019-06-06/access-to-bank-networks-for-sale-on-dark-web-new-research-says
An interesting costing estimate, quote: “The price for commissioning an attack on a specific corporation averaged about $4,500, the researchers found. Bespoke corporate espionage services, targeting either individuals or specific information from a particular company, were available for fees ranging from $1,000 to $15,000, they said.”