According to recently released data, nearly half of all local authorities in the UK are using software which is no longer supported by the vendor. This means that updates which would patch newly discovered security holes are no longer released.
The impact is that affected councils are unduly exposed to cyber threats compared with those using supported software.
A Freedom of Information request, made by COMPAREX UK, showed that 46% of councils across the country are still using one or more of Windows Server 2000, Windows Server 2003 or Microsoft SQL Server 2005. All of which are no longer supported by Microsoft and not receiving security patches.
The resulting security holes – “vulnerabilities” – could potentially be exploited by attackers to gain access to councils’ data.
The cyber threat is always evolving and growing, but the use of such outdated software is an unnecessary risk and councils have had plenty of warning over the risks they face.
This news that so many councils continue to use outdated software highlights the need for an urgent shift in mindset. They need to stop wondering if a cyber incident will impact them and accept that it’s more likely a case of when.
Hacking has become easier than ever thanks to the release of mass-produced exploitation kits that are readily available to anyone with a Tor browser, access to the Dark Web and some bitcoins. But as with most criminals, hackers prefer easy targets. The chances are high that if you have some basic security software installed and have kept your machine up to date with the latest patches, a hacker will pass you by as they seek out easier prey. The same rules apply online as well as offline. Make yourself an easy target, and you will become a victim.
We know that council budgets have been under strain the past few years due to cutbacks but that doesn’t really excuse them using such out of date software. Staying up to date and keeping the wealth of sensitive data they hold secure needs to be a priority.
Upgrading to the latest software is just one part of the puzzle when it comes to staying secure, however. Effective patch management also needs to be introduced as well as an incident response plan and staff training.
We can help with the patch management side of things in a cost-effective way. CyberScore™ makes patch management quick and easy. Simply schedule a scan (ideally every month) and voila it will detect any vulnerable software on your networks allowing you to quickly implement an effective patch management strategy.
CyberScore™ also allows you to:
XQ Cyber also offers a range of incident response and consultancy services such as Penetration Testing, Cyber Posture Assessments and Incident Response preparedness and testing.