Select Page

Audit: WA councils fail to detect simulated cyber attack in audit | iTnews

Audit: WA councils fail to detect simulated cyber attack in audit | iTnews

West Australia Council Audit Report November 25 2021

WA councils fail to detect simulated cyber attack in audit.

Only three out of 15 entities did so in a “timely manner”.

Western Australian Audit General’s Report: Cyber Security in Local Government
Reported in: WA councils fail to detect simulated cyber attack in audit | iTnews
Read more Audit Reports

WA local government entities have been put on notice to improve their cyber security policies and procedures after nine councils failed to detect a simulated cyber attack.

LG entities need to improve their management of cyber risks and response to cyber threats. Most did not have current and complete cyber security policies and processes to help them manage the risks and effectively respond.

WA LG entity findings for key audit areas

Despite LG entities providing cyber security awareness training for employees, staff at 8 of the 15 audited LG entities accessed links and, in some cases, provided their credentials (username and password) in response to our test phishing emails. Technical controls to prevent phishing emails, coupled with focussed training to remind staff of their obligations and cyber security risks, would help LG entities manage these risks.

LG entities did not have appropriate mechanisms to detect and respond to cyber security incidents and their systems and networks were vulnerable because of out-of-date software. Nine of the 15 audited LG entities did not detect or respond to our simulated cyber-attacks, and those that did still needed to improve their processes.

About The Author

Steven Kirby

I provide independent and practical consultancy services through raising awareness and fostering the energy for change that delivers improved business management of information security governance, risk and compliance.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

More Australian News

Weekly Australian News and Monthly Incident Review Emails

No advertisements, marketing, sales, or unsolicited emails. Your email address is ONLY used to send the publications listed above.

* indicates required


Shares
Share This