Select Page

Audit: Queensland Audit Office (QAO) Water 2021 Report finds one breach and significant control weaknesses | ABC News (Australia)

Audit: Queensland Audit Office (QAO) Water 2021 Report finds one breach and significant control weaknesses | ABC News (Australia)

Australian Utility Audit Report November 11 2021

Queensland Audit Office (QAO) Water 2021 Report finds one breach and significant control weaknesses in the security of information systems.

Sunwater has acknowledge it was the organisation reported breached in the report.

Queensland Audit Office: Water 2021 Audit Report
Related: Queensland water supplier Sunwater targeted by hackers in months-long undetected cyber security breach
Reported in: Queensland water supplier Sunwater targeted by hackers in months-long undetected cyber security breach | ABC News (Australia)

Read more Queensland Audit Office Reports and more general Queensland Incidents

Six water authorities including Seqwater, Sunwater, Urban utilities, Unitywater, Gladstone Area Water Board and the Mount Isa Water board were examined in the report, which warned of vulnerability in information systems.

Deficiencies in internal controls including relating to funds transfer payment information, were also highlighted.

The 36-page report called for immediate action to fix “ongoing security weaknesses in information systems”.

The report said despite the audit office last year recommending that entities strengthen the security of their information systems, not all had acted to address the issue.

QAO Overview of internal control issues

The researchers observed that public entities have already implemented some security measures following the recommendations given last year, however, there are still security aspects that need to be covered. For instance, reporting systems and security threat detection should be implemented, every external system where the public has access should have MFA enabled, the minimum eight-character password length requirement should be applied.

The experts also noticed that there is a need for security awareness pieces of training and the implementation of processes that have the role to identify critical security vulnerabilities.

 


About The Author

Steven Kirby

I provide independent and practical consultancy services through raising awareness and fostering the energy for change that delivers improved business management of information security governance, risk and compliance.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

More Australian News

Weekly Australian News and Monthly Incident Review Emails

No advertisements, marketing, sales, or unsolicited emails. Your email address is ONLY used to send the publications listed above.

* indicates required


Shares
Share This