Cybersecurity Training Imperative for Local Government

Local councils in New South Wales are grappling with a critical issue: the lack of robust cybersecurity measures. A recent report from the NSW Auditor General1 has shed light on the alarming gaps in cyber risk management within local government bodies, emphasising the urgent need for comprehensive cybersecurity training.

The audit specifically scrutinised the cybersecurity practices of three councils—City of Parramatta Council, Singleton Council, and Warrumbungle Shire Council. All three were found to have significant deficiencies in basic cybersecurity protocols, leaving local infrastructure and financial data vulnerable to potential breaches.

One glaring revelation from the report is the absence of governance structures to oversee cyber risks in these councils. Additionally, none of them had conducted assessments to ascertain the value of their information and systems, a fundamental step in cybersecurity strategy.

The implications of these lapses are profound. Not only do they jeopardise the security of sensitive data belonging to ratepayers, but they also underscore the councils’ failure to prioritise cyber activities aimed at mitigating vulnerabilities in critical business systems.

Alarmingly, the audit unearthed that two out of the three councils lacked a concrete plan to enhance their cybersecurity posture, despite the glaring deficiencies highlighted. This lack of foresight leaves them ill-prepared to detect, respond to, and recover from potential cyber incidents effectively.

The risks associated with poor cybersecurity hygiene in local government cannot be overstated. Beyond the theft of information and denial of critical technology access, there’s a real danger of systems being hijacked—a scenario that could have devastating consequences for communities.

Recent incidents involving third-party service providers further underscore the pervasive nature of this threat. From a law firm handling government contracts, to an enterprise technology provider serving local councils, no entity is immune to cyber-attacks. These incidents serve as stark reminders of the ongoing vulnerability faced by local councils and the imperative of bolstering their cybersecurity defences.

The urgency of addressing these vulnerabilities is compounded by the findings of the Audit Office’s Local Government 2023 report, which revealed that a significant number of councils are yet to implement robust cybersecurity frameworks and internal controls.

In light of these findings, it is imperative that local councils prioritise Cybersecurity Training. Only through concerted efforts to bolster cybersecurity awareness and resilience can they hope to safeguard the interests of their communities and mitigate the ever-evolving cyber threats they face.

GRC Solutions has a range of eLearning courses including Cyber Security specifically designed for the local government sector.

For more information, see: https://grc-solutions.com/my-industry/local-government-compliance-training/

Or Contact

Gavin Gilbert

gavin.gilbert@grc-solutions.com

 

Source: Cyber Daily

1. Auditor-General’s Report