Select Page

Audit: Queensland Audit Office (QAO) Water 2021 Report finds one breach and significant control weaknesses | ABC News (Australia)

Posted by | Nov 11, 2021 | , , , , , , , , , | 0 |

Audit: Queensland Audit Office (QAO) Water 2021 Report finds one breach and significant control weaknesses | ABC News (Australia)

Australian Utility Audit Report November 11 2021

Queensland Audit Office (QAO) Water 2021 Report finds one breach and significant control weaknesses in the security of information systems.

Sunwater has acknowledge it was the organisation reported breached in the report.

Queensland Audit Office: Water 2021 Audit Report
Related: Queensland water supplier Sunwater targeted by hackers in months-long undetected cyber security breach
Reported in: Queensland water supplier Sunwater targeted by hackers in months-long undetected cyber security breach | ABC News (Australia)

Read more Queensland Audit Office Reports and more general Queensland Incidents

Six water authorities including Seqwater, Sunwater, Urban utilities, Unitywater, Gladstone Area Water Board and the Mount Isa Water board were examined in the report, which warned of vulnerability in information systems.

Deficiencies in internal controls including relating to funds transfer payment information, were also highlighted.

The 36-page report called for immediate action to fix “ongoing security weaknesses in information systems”.

The report said despite the audit office last year recommending that entities strengthen the security of their information systems, not all had acted to address the issue.

QAO Overview of internal control issues

The researchers observed that public entities have already implemented some security measures following the recommendations given last year, however, there are still security aspects that need to be covered. For instance, reporting systems and security threat detection should be implemented, every external system where the public has access should have MFA enabled, the minimum eight-character password length requirement should be applied.

The experts also noticed that there is a need for security awareness pieces of training and the implementation of processes that have the role to identify critical security vulnerabilities.

 

Rate:

About The Author

Steven Kirby

I provide independent and practical consultancy services through raising awareness and fostering the energy for change that delivers improved business management of information security governance, risk and compliance.

Related Posts

Incident: Parks Victoria data breach | 7News

Incident: Parks Victoria data breach | 7News

July 5, 2023

Incident: Medicinal cannabis company Cann Group loses $3.6 million in “sophisticated” cyber attack | SmartCompany

Incident: Medicinal cannabis company Cann Group loses $3.6 million in “sophisticated” cyber attack | SmartCompany

February 9, 2021

AustCyber’s brand new TAFE curriculum | InnovationsAus.com

AustCyber’s brand new TAFE curriculum | InnovationsAus.com

November 3, 2017

Incident: Yakult Australia targeted in cyber attack, employee files published on dark web | ABC News Australia

Incident: Yakult Australia targeted in cyber attack, employee files published on dark web | ABC News Australia

December 28, 2023

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Please follow the Source link to the original article to support the content owner. We only provide a brief summary with metadata to assist in categorisation.

More Australian News

Civil liberties organisation rails against deployment of facial recognition tech by WA Police
Civil liberties organisation rails against deployment of facial recognition tech by WA Police

The Western Australia Police Force will roll out live facial recognition in public spaces on 1 July, and Electronic Frontiers Australia calls the … [...]

Exclusive: National Portrait Gallery of Australia investigating data breach claims
Exclusive: National Portrait Gallery of Australia investigating data breach claims

Threat actor 2019 posts alleged National Portrait Gallery customer and client data to undergound hacking forum; names, emails, and location data … [...]

Australia joins US-led Exercise Valiant Shield 26 to test cyber and other domain capabilities
Australia joins US-led Exercise Valiant Shield 26 to test cyber and other domain capabilities

Australian Defence Force (ADF) personnel are getting ready to deploy to the Pacific to test defensive cooperation. Bethany Alvaro • Tue, 23 Jun 2026 • … [...]

"Must act now" to counter AI-borne cyber attacks, 'Five Eyes' says
"Must act now" to counter AI-borne cyber attacks, 'Five Eyes' says

Cyber security agencies in Australia, Canada, New Zealand, Britain and the United States are stepping up their awareness campaign around artificial … [...]

At a glance: data protection and management of health data in Australia
At a glance: data protection and management of health data in Australia

A Q&A guide to data protection and management for digital health in Australia, covering anonymised health data, enforcement, cybersecurity and … [...]

The misuse of information obtained through an ex-employee’s position: a broader cause of action for businesses - Mallesons Pulse Blog
The misuse of information obtained through an ex-employee’s position: a broader cause of action for businesses - Mallesons Pulse Blog

AI Summary ▼ The Full Court of the Federal Court has held that s 183(1) of the Corporations Act 2001 (Cth) provides a standalone cause of action … [...]

Regulatory enforcement spotlight 2026: key trends so far and what to expect next
Regulatory enforcement spotlight 2026: key trends so far and what to expect next

It has been another significant 12 months across the Australian regulatory landscape, defined by notable penalties obtained against companies that … [...]

Australians sharing misinformation without checking facts | 7NEWS
Australians sharing misinformation without checking facts | 7NEWS

New research by TikTok reveals one in five Australians believe online content before checking if it's true, while nearly 40 per cent share information without verifying it first. Cyber safety [...]

Inside WA police's online child predator unit | 7NEWS
Inside WA police's online child predator unit | 7NEWS

The WA Police Child Exploitation Squad operates an undercover unit where detectives pose as children in online chat rooms to identify and apprehend predators targeting minors. Subscribe and set 🔔 [...]

Schools warned over AI child abuse material threat | Sunrise
Schools warned over AI child abuse material threat | Sunrise

Australian schools are facing a significant threat as reports of AI-generated child abuse material have surged by 1,300%, with photos of children being harvested from school social media accounts and [...]

I reported my stalker to the police 26 times | SBS Insight
I reported my stalker to the police 26 times | SBS Insight

Technology is making it easier than ever before to watch and monitor others, with or without their consent. Insight investigates when this kind of surveillance is okay and when it [...]

AI and directors’ duties: Navigating cyber risk and responsible governance
AI and directors’ duties: Navigating cyber risk and responsible governance

Artificial intelligence (AI) is now creating two distinct governance challenges for directors. First, boards must respond to the rising cyber risks … [...]

Shares
Share This

Discover more from Australian Cyber Aware

Subscribe now to keep reading and get access to the full archive.

Continue reading