The Office of the Auditor General (OAG) released their Information Systems Audit Report 2022 – Local Government Entities in June. After an audit of 45 local government entities for calendar year 2020 to 2021, the report found that the sector is performing poorly in terms of cyber security.
Over the 2020-21 period the OAG reported 358 control weaknesses for 45 entities, compared to 328 weaknesses at 50 entities in the previous period. 10% of this year’s weaknesses were rated as significant and 71% as moderate. These weaknesses represent a considerable risk to the confidentiality, integrity and availability of entities’ information systems and need prompt resolution.
Over 120 people attended the CEO Breakfast or Local Government Risk Forum on Tuesday 6 September 2022, at Crown Perth.
Representatives from across the state — from Port Hedland to Esperance and everywhere in between joined together to network and explore current risk issues for the sector.
WorkCover WA is the government agency responsible for regulating and administrating the workers’ compensation scheme in Western Australia under the Workers’ Compensation and Injury Management Act 1981.
Businesses are prone to a host of disasters that vary from minor to catastrophic. The start of the COVID-19 crisis in 2020 was sudden, unexpected and incredibly difficult for many.
LGIS understands these concerns and through our new cyber-risk pilot program. We aim to support members in improving their cyber-security practices.
Our program is designed to analyse and benchmark current cyber-security practices and controls, and identify areas for improvement to build capability and boost members’ security position.
This involves assessing the various controls that the member implements internally in its control environment to manage the information security risks associated with its systems.
The Essential 8 Framework developed by the Australian Signals Directorate (ASD) has a prioritised list of baseline security controls that organisations can implement to protect and improve their cyber-security. These eight controls can mitigate up to 85% of cyberattacks.
Pre-Approved software should only be allowed to run on your network and enforced through whitelisting.
Regular patching should take place to fix security vulnerabilities in software applications.
Macros from the internet should be blocked, and only vetted macros with limited write access or macros that are digitally signed with a trusted certificate are allowed.
Application hardening should be implemented and involves disabling unsecure and unused services, such as Flash, Java, and web ads from applications. It also restricts the use of applications that are known to be vulnerable.
Restricted administrative privileges should be applied to operating systems and applications based on user duties. These should be restricted to only those who need them. Regularly revalidating the need for privileges is essential to maintain correct levels of access.
Patching fixes security vulnerabilities in operating systems and should be conducted frequently.
Multi-factor authentication ensures users are granted access only after successfully presenting multiple, separate evidences of authenticity and should be implemented across all users.
Regular back up should take place with all data and stored securely offline or at an alternate site such as a secondary data centre or in the cloud.
The program’s key objective is to gather information on how our members currently manage cyber-risks, giving due consideration to concerns around issues like obsolete software, ransomware management processes and cost of recovery for back-up technology.
At the end of 2021 local government leaders across Australia ranked cyber-security failure as their number two risk, just behind financial sustainability.
It’s clear, given the cyber-environment alongside the climbing costs of cyber protection, that building resilience against cyber-risks will be key for local governments moving forward. Our cyber-pilot program will be a key factor in helping local government members develop resilience against cyber-risks.
For support on improving your local government’s cyber-security practices, contact the LGIS risk team.
Local governments are community makers, providing the places that create connection and a sense of belonging.
The City of Bunbury’s new youth precinct, Koolambidi Woola, has successfully married design and a strong risk management approach to deliver for the local community
The claimant, a cyclist, was riding his bike along a shared bike/footpath. He allegedly slipped on the path’s ‘slow down’ warning signage, injuring his ankle and knee. In his claim, the cyclist alleged that the signage was slippery and had a design flaw.
LGIS is the unifying name for the dedicated suite of risk financing and management services for WA local governments, established by the WA Local Government Association in conjunction with JLT Public Sector (part of the Marsh group of companies). LGIS is managed by JLT Public Sector (ABN 69 009 098 864 AFS Licence 226827).
Risk Matters, via this website, is designed to keep members, their staff and elected members informed on topical risk management and insurance issues and LGIS programs and services.
