Cybersecurity Training Imperative for Local Government

Local councils in New South Wales are grappling with a critical issue: the lack of robust cyber security measures. A recent report from the NSW Auditor General1 has shed light on the alarming gaps in cyber risk management within local government bodies, emphasising the urgent need for comprehensive cyber security training.

The audit specifically scrutinised the cyber security practices of three councils – City of Parramatta Council, Singleton Council, and Warrumbungle Shire Council. All three were found to have significant deficiencies in basic cyber security protocols, leaving local infrastructure and financial data vulnerable to potential breaches.

One glaring revelation from the report was the absence of governance structures to oversee cyber risks in these councils. Additionally, none of them had conducted assessments to ascertain the value of their information and systems, a fundamental step in cyber security strategy.

The implications of these lapses are profound. Not only do they jeopardise the security of sensitive data belonging to ratepayers, but they also underscore the councils’ failure to prioritise cyber activities aimed at mitigating vulnerabilities in critical business systems.

Alarmingly, the audit unearthed that two out of the three councils lacked a concrete plan to enhance their cyber security posture, despite the glaring deficiencies highlighted. This lack of foresight leaves them ill-prepared to detect, respond to, and recover from potential cyber incidents effectively.

The risks associated with poor cybersecurity hygiene in local government cannot be overstated. Beyond the theft of information and denial of critical technology access, there’s a real danger of systems being hijacked—a scenario that could have devastating consequences for communities.

Recent incidents involving third-party service providers further underscore the pervasive nature of this threat. From a law firm handling government contracts, to an enterprise technology provider serving local councils, no entity is immune to cyber-attacks. These incidents serve as stark reminders of the ongoing vulnerability faced by local councils and the imperative of bolstering their cybersecurity defences.

The urgency of addressing these vulnerabilities is compounded by the findings of the Audit Office’s Local Government 2023 report, which revealed that a significant number of councils are yet to implement robust cybersecurity frameworks and internal controls.

In light of these findings, it is imperative that local councils prioritise Cybersecurity Training. Only through concerted efforts to bolster cybersecurity awareness and resilience can they hope to safeguard the interests of their communities and mitigate the ever-evolving cyber threats they face.

GRC Solutions has a range of eLearning courses including: Cyber Security for Local Government

Source: Cyber Daily

1. Auditor-General’s Report