"I couldn't afford it," Kandek said.
So isolation will likely be the best strategy for many organizations, which should get started soon, before cybercriminals start releasing their XP-hunting malware.
Sean Bodmer, chief security researcher at CounterTack, has a warning for companies who fail to act. "Once there is no further support for identified, exploitable vulnerabilities, it will be easier for attackers to access data than fishing with dynamite," he said.
Sign up for CIO Asia eNewsletters.