Outdated Software Can Expose Cities to Cyberattacks

March 25, 2019

Michael Chihlas, Network Infrastructure Consultant

Over the past few months, various news items continue to emerge about municipalities opening themselves up to data incidents and cyberattacks from outdated software. For example, 200 Vermont municipalities using New England Municipal Resource Center (NEMRC) software had the personal information of city employees and citizens exposed by a security vulnerability from unpatched software.

Cyware reported, “Started in 1984, NEMRC used a Microsoft program called Visual FoxPro which was discontinued in 2007. In fact, Microsoft stopped providing support to Visual FoxPro in 2015.” That means Microsoft stopped providing security patches since 2015.

Bleeping Computer recently reported that “55% of all programs installed on personal computers running Windows are outdated according to an Avast report, exposing their users to security risks because of unpatched vulnerabilities.” In addition, the Avast report points out that “in more than 94% of cases users who have installed Adobe Shockwave, VLC Media Player, and Skype on their computers haven't updated them to the latest versions.”

In many of our training workshops, articles, and blog posts, we point out that outdated software puts cities at risk. Let’s look closer at why.

1. Security vulnerabilities expose your city to cyberattacks.
First, the obvious. Outdated software is often no longer supported by the vendor that made it. That means you no longer receive patches for bugs and security vulnerabilities. Without vendor-approved patches, you are exposing your city to significant security risks that hackers exploit.

When you don’t patch old software or try to cobble something together, it’s simply not good enough to counter the sophistication of hackers. Outdated software increases your risk of ransomware, malware, viruses, data breaches, and data exposure.

Another security vulnerability that crops up is trusting that a third-party provider somehow successfully manages the security of the outdated software. In the case of the New England software above, the Vermont municipalities trusted the third-party provider. However, outdated software is outdated software, even if someone attempts to “support” it. The situation in Vermont shows that you need to proactively ask if third parties are effectively securing and patching the software. Any software that cannot be patched and updated is a high risk.

2. Clinging onto old software leads to excessive costs.
If the software vendor doesn’t support the software anymore, someone else must make a best effort attempt to keep the system going. That someone will have limited capability to support the system and resolve issues. They will not be able to patch and update the system. This, again, is high risk.

That someone is usually an overworked IT staff member, a high hourly billable IT resource, or a company that’s charging high rates to maintain something so old. Old software, like a car, will also break often, requiring even more repair time and money.

There comes a point when the high risk and unpredictable maintenance costs have far surpassed the costs of an upgrade to modern software, and an upgrade will staunch your financial bleeding.

3. An inability to use modern functionality.
Consider your phone as an example. Are you using a Blackberry from 2004? An iPhone from 2009? A Droid from 2010? Why not? Your phone wouldn’t be able to handle modern applications like GPS, music streaming, or watching videos.

The same is true for your city’s outdated software. Software evolves very rapidly, and it increases the expectations of what users can do with it. If your software can’t perform basic, expected functionality, then it starts to affect how you do business and you will fall behind in productivity compared to other cities and businesses.

4. An increased risk of business disruptions.
Your citizens depend on you. Your elected officials depend on you. Your city staff depend on reliable tools and technologies. Yet, old software freezes, breaks, and fails. It’s not reliable. To “save” money, you’re literally putting up with something that risks disrupting your city’s services and affects the way you serve your citizens. Modern software is more reliable, secure, and faster.

5. An inability to integrate with modern technology.
Outdated software also usually has trouble integrating with modern technology. Examples include:

  • An inability to integrate with a newer operating system such as Windows 10, causing you to stay on another unsupported software platform (like Windows XP) or silo your software from the rest of your technology.
  • An inability to store data in the cloud, meaning you will not be able to access that data from anytime, anywhere.
  • An inability to integrate with mobile devices. Unlike many of your applications (such as email and documents), you won’t be able to access your software on your phone.

Newer software often has built-in integration with modern technologies and will seamlessly work across multiple devices. If you’re hitting walls with technology, such as not even being able to run it properly on your city’s computers, then you need to look at an upgrade.


Old software is one of the most misleading “cost savers” at cities because it’s not really saving you money. Quite the opposite. In addition to bleeding money, it also heavily risks your city operations and slows you down unnecessarily—similar to using that 2004 Blackberry phone in 2019. Upgrading your software will give you fast, reliable, and secure applications to help your city do its best work.

Back to Listing