Half of English Councils Running Outdated Server Software

Nearly half of English local authorities are still running server software which is no longer supported by Microsoft, potentially leaving systems and sensitive data exposed to hackers, according to the results of a new Freedom of Information (FOI) request.

IT service provider, Comparex UK, submitted FOI requests to 95 councils including all London boroughs and received answers back from 81.

It revealed that 46% were still running one or more of: Windows Server 2000, Windows Server 2003 and Microsoft SQL Server 2005.

Although nearly all (94%) of those councils running Windows Server 2000 and Server 2003, and 88% of those running Microsoft SQL Server 2005, said they were upgrading within the next two years, they are exposed right now to attacks exploiting vulnerabilities no longer patched by Microsoft.

What’s more just 13% of the 94% of councils running Windows Server 2008 claimed they were paying for extended support, with the figure dropping to just 9% for Windows SQL Server 2008.

“By continuing to run out-of-date server software, many councils are exposing themselves to a host of security and compliance risks,” said Chris Bartlett, business unit director – public sector at Comparex UK.

“The FOI data suggests that matters are slowly improving, as separate FOI requests to London borough councils back in 2016 showed that 70% were running unsupported server software. However, with GDPR now in effect, councils need to be even more cognizant of vulnerabilities – especially considering the volume of citizen data they hold. With that in mind, it is important that risks are managed, and councils establish an upgrade strategy.”

The report is not the first to highlight the poor cybersecurity posture of many UK local authorities. Last year an FOI investigation from Barracuda Networks found that 27% had been infected with ransomware in the past.

Separate research from PwC found that only a third (35%) of council leaders are confident their organization can withstand a cyber-attack.

What’s Hot on Infosecurity Magazine?