London Councils Running Outdated Software

Written by

Nearly 70% of London’s borough councils are using out of date operating systems, exposing them to greater cybersecurity risk, according to new research from Databarracks.

A spokesman confirmed to Infosecurity that the back-up firm received responses to a Freedom of Information request from every London borough and the City of London.

It found a widespread reliance on Windows Server 2003 (63%), SQL Server 2005 (51%) and Windows Server 2000 (10%) – all systems no longer supported by Microsoft.

This means that they could be vulnerable to newly created exploits for which no official patches are available – unless they’re using virtual patching (vulnerability shielding) technology or have a special agreement with Microsoft to extend support.

Databarracks managing director, Peter Groucutt, argued that firms should focus on the security basics – including up-to-date AV and anti-spam as well as patching and revisiting firewall rules.

“It is easy for organizations to become paralyzed by the choice of security options, but it is absolutely vital to not neglect the basics and to deliver a solid baseline. This starts with reviewing and auditing their IT infrastructure and upgrading to supported software versions,” he added.

“Being secure in 2017 doesn’t necessarily need to see huge investment in advanced cybersecurity solutions, but it does need to be the year that we ensure our fundamental security practices are up to scratch.”

The news echoes a similar report last week which revealed that 90% of NHS Trusts in England are still running Windows XP.

It’s claimed Microsoft stopped issuing security updates for government PCs running the OS as long ago as April 2015.

“Unsupported operating systems are one of these fundamentals – failure to upgrade is putting your organization at enormous unnecessary risk,” concluded Groucutt. “The possibility of security breaches and potential data losses is much higher, as security patches will no longer be released to protect against vulnerabilities.”

What’s hot on Infosecurity Magazine?