Experts predict cyber security threats to Australian organisations will continue to rise in 2023. Local governments in Western Australia need to strengthen their computer controls, according to an audit by the WA Office of the Auditor General (OAG) that found 328 weaknesses in a review of 50 local governments.
Ten percent of the weaknesses were assessed as serious and in need of immediate attention. Seventy-two percent were moderate, while just 18% were categorised as minor.
[Figure: Breakdown of OAG audit findings]
10 common problems:
Inadequate Information Security policies and employee training on possible cyber risks.
Lack of rules, procedures, or protocols in place to handle technical vulnerabilities.
Failure to separate internal networks from systems that interact with the outside world.
Inadequate remote access controls, particularly the absence of multi-factor authentication.
Failure to restrict and regulate privileged network and system access.
Insufficient security procedures for emails and business information.
Lack of updated business continuity and disaster recovery plans, or inability to test those that do exist on a regular basis.
Lack of policies for documenting, assessing, reviewing, and reporting IT risks.
Poor management and monitoring of user access.
Lack of appropriate policies and procedures to implement changes.
The report also includes real-world instances of how lax computer controls led to breaches, theft of sensitive and personal information, and financial loss.
One council, for example, had a user’s account data stolen in an undetected phishing attack, leading to a fraudulent transaction on a corporate credit card and the download of 10GB of critical emails.
In another instance, a password that had not been updated since 2002 was used outside of office hours, and the council was unable to justify its usage.