
Audit: Western Australia Auditor General’s Local Government Information Security Audit 2021-22 reports 324 control weaknesses


West Australian Councils Audit Report 29 March 2023


Cyber security concerns as council’s network rack found in staff toilet

Western Australia Auditor General Report: Information Systems Audit – Local Government 2021-22
Media Report: Cyber security concerns as council’s network rack found in staff toilet | Government News


Local government is facing increasing cyber security risks as councils adopt technologies designed to deliver services and efficiencies, West Australia’s auditor general has warned.

Auditor General Ms Caroline Spencer said 324 general computer control weaknesses were reported to 53 local government entities for the 2021-22 year. ‘Disappointingly, 69% of these weaknesses were unresolved issues from the prior year, including 27 of the 31 significant findings.’

The report includes a number of case studies that the local government sector and community can learn from:

  • One entity did not have a cyber security awareness program despite experiencing three cyber attacks in three years. The entity attributes these attacks to phishing or poor password hygiene. We first raised this issue with the entity in 2020.
  • In 2022, an entity’s staff account was compromised and used to instigate a phishing attack on third parties. The entity did not have a cyber security incident response plan to coordinate a response and communicate with impacted third parties. We had recommended, in 2021, the entity develop a plan.
  • At one entity we found poor physical control around IT infrastructure, along with the back door to the office and records room left unlocked during the day despite being publicly accessible. Cash takings were also left in an unlocked safe. These weaknesses increase the likelihood of unauthorised access to systems and theft of public property and information.
  • One entity had not configured its finance application to stop the same individual from approving purchase orders and invoices for the purchase of goods and services. Although the entity had manual controls in place, these could be bypassed.



About The Author

Steven Kirby

I provide independent and practical consultancy services through raising awareness and fostering the energy for change that delivers improved business management of information security governance, risk and compliance.


Please follow the Source link to the original article to support the content owner. We only provide a brief summary with metadata to assist in categorisation.
