West Australia Council Audit Report November 25 2021

WA councils fail to detect simulated cyber attack in audit.

Only three out of 15 entities did so in a “timely manner”.

Western Australian Audit General’s Report: Cyber Security in Local Government
Reported in: WA councils fail to detect simulated cyber attack in audit | iTnews
Read more Audit Reports

WA local government entities have been put on notice to improve their cyber security policies and procedures after nine councils failed to detect a simulated cyber attack.

LG entities need to improve their management of cyber risks and response to cyber threats. Most did not have current and complete cyber security policies and processes to help them manage the risks and effectively respond.

Despite LG entities providing cyber security awareness training for employees, staff at 8 of the 15 audited LG entities accessed links and, in some cases, provided their credentials (username and password) in response to our test phishing emails. Technical controls to prevent phishing emails, coupled with focussed training to remind staff of their obligations and cyber security risks, would help LG entities manage these risks.

LG entities did not have appropriate mechanisms to detect and respond to cyber security incidents and their systems and networks were vulnerable because of out-of-date software. Nine of the 15 audited LG entities did not detect or respond to our simulated cyber-attacks, and those that did still needed to improve their processes.