Over the weekend, the Cybersecurity and Infrastructure Security Agency (CISA), a federal agency overseen by the Department of Homeland Security (DHS), released a rare Emergency Directive requiring Executive Branch departments and agencies to patch a serious vulnerability in Windows Server software commonly used by local governments and businesses. CISA “strongly recommends state and local governments, the private sector, and others patch this critical vulnerability as soon as possible.”
Why This Matters
- Sophisticated cybercriminals could take control of your servers. The consequences for a city caught off guard could be devastating—leading to servers or computers being down for weeks or months and the possibility of paying a lot of unbudgeted money to fix the problem.
- Cybercriminals can steal your data. A data incident will require you to notify regulatory authorities and let citizens know their data was compromised. In addition, these incidents often make their way to the press and lead to time-consuming remediation efforts.
- Cybercriminals can destroy your data. It’s not uncommon for cybercriminals to corrupt and destroy data as part of an attack. Is your city or business prepared for the consequences of permanent data loss?
What You Should Do
- Proactive towns and cities patched this vulnerability in August. Municipalities (including VC3 and IT in a Box clients) that regularly patch their software will have applied this patch in August when Microsoft released it. Those cities will not have to worry about this vulnerability.
- Patch this vulnerability now. CISA would not release an Emergency Directive if it was not very serious. A vulnerability like this will be exploited within days by sophisticated cybercriminals looking for easy targets.
- Conduct regular, ongoing IT monitoring and maintenance. If your municipality missed this patch in August, you may want to consider more proactive IT monitoring and maintenance. Trained IT professionals will proactively apply software patches to shore up security gaps and vulnerabilities while also proactively monitoring your environment for cyber threats.
The bottom line: Ensure this patch is in place. Cyber attackers will exploit this vulnerability and prey on those towns and cities with lax security. Citizen data is too important to leave open to the world’s cybercriminals.
If your municipality is concerned about cybersecurity and your current level of protection, reach out to us today. We’ve helped over 340 municipalities improve their cybersecurity defenses.