Tech Translated

IT Security & Technology Blog

Practical IT insights for Australian businesses. Our team covers cybersecurity advisories, compliance updates, and plain-English explainers on the technology your business relies on, published regularly as the landscape shifts.

Abstract clock and network graphic with SMB TECH label on dark navy background

The US Cybersecurity and Infrastructure Security Agency (CISA) issued a new directive this week that gives federal agencies as little as three days to fix their most dangerous security flaws, as reported by BleepingComputer. Binding Operational Directive 26-04 ranks vulnerabilities on four factors: is it being actively exploited, is the system exposed to the internet, can the attack be automated, and does it hand over full control. Tick all four boxes and the patch deadline is 72 hours. Less urgent flaws get two weeks.

Why this matters in Australia

The directive only binds US government agencies, but rules like this rarely stay in their lane. They set the benchmark that cyber insurers, supply-chain questionnaires and regulators quietly adopt. And Australia isn’t starting from zero here — the ASD’s Essential Eight already expects exploited vulnerabilities in internet-facing systems to be patched within 48 hours. The direction of travel is clear: when a flaw is being actively used by attackers, “we patch monthly” is no longer an acceptable answer.

What to do about it

You don’t need a federal directive to borrow the logic. Start by knowing exactly what parts of your business are exposed to the internet — VPNs, firewalls, remote access tools, websites. Then ask your IT provider two questions: how do you decide what gets patched first, and how quickly do you act when a flaw is being actively exploited? The right answer is measured in hours or days, prioritised by real-world risk — not whenever the next maintenance window rolls around.

If you’re not sure where your business sits, our cybersecurity services include managed patching with exactly this kind of risk-based prioritisation, backed by managed IT support that keeps it running without you having to think about it.

Related Guide

Cybersecurity for Sydney SMBs

Explore our complete guide to protecting your business from cyber threats.

Read the Full Guide →