Australian Audit Report May 12 2021

328 weaknesses found by WA Auditor-General in 50 local government systems

“Poor controls in these areas left systems and information vulnerable to misuse and could impact critical services provided to the public”

WA Auditor General’s Report: Local Government General Computer
Controls
Reported in: 328 weaknesses found by WA Auditor-General in 50 local government systems | ZDNet
Read more Audit Reports

The computer systems of 50 Western Australian local government entities were probed and the result was the finding of 328 control weaknesses, with 33 considered as significant by the Auditor-General.

The capability assessment results, meanwhile, showed that none of the 11 audited entities met the auditor’s expectations across the six control categories, with 79% of the audit results below the minimum benchmark.

Among the findings were entities having a poor awareness of cyber threats, with one case study revealing a user’s account details were stolen because of a phishing attack that was not detected or prevented by the entity’s security controls.

“The attack resulted in a fraudulent credit card transaction on the user’s corporate credit card, which was immediately cancelled,” the report said. “Further investigation by the entity revealed the attacker downloaded 10GB of entity information in the form of sensitive emails.”

Another common weakness was that entities did not have policies, procedures, and processes to effectively manage technical vulnerabilities. At one entity, public facing and internal systems sat in the same network; the same entity also did not monitor devices on its network.

Many entities were also not managing privileged access to their networks and systems.

…. Read the source article of report… it just gets worse 🙁