2023 set a new global record with cybercriminals making a staggering $1.1 billion from ransomware attacks, surpassing the previous year’s total of $567 million (Chainalysis).
While ransomware payment volume dropped in 2022, the bigger picture from 2019 to 2023 shows that ransomware is becoming a bigger problem. It’s important to note that productivity
losses and repair expenses resulting from these attacks aren’t accounted for in these trends.
The Australian Signals Directorate (ASD), Annual Cyber Threat Report 2022/23 provides an Australian context for these global trends. The cybercrime landscape in Australia is changing with a growing prevalence and impact of ransomware attacks. The ASD responded to 127 extortion-related incidents, out of which 118 involved ransomware or other forms of system, file, or account restrictions. Additionally, the ASD notified 158 entities of ransomware activity on their networks, representing a seven percent (7%) increase compared to the previous year.
In the same period the ASD’s Cyber Report received nearly 94,000 reports of cybercrime, reflecting a 23% increase compared to the previous financial year. Overall, the cost of cybercrime to businesses increased by 14% compared to the previous financial year.
A recent case involving the Shire of Denmark and a tourist turned on
whether pea gravel at the bottom of some stairs was an obvious risk and
what is the extent of a local government’s duty of care in relation to obvious risks.
LGIS, together with WorkCover WA and legal partners Mills Oakley and Moray & Agnew have delivered four sector specific information sessions on the new Workers Compensation and Injury Management Act (2023) WA.
Members have been asking ‘How do we manage the use and charging of e-scooter and bikes (micro-mobility)?’. Charging stations and facilities have already been made available by some members while others are considering the potential benefits.
Be prepared with an incident response plan
With cybercrime on the rise, incident response plans are crucial to minimise the impact of cyber-attacks. By being prepared and proactive, members can better protect themselves against ransomware threats and mitigate potential financial and reputational damages.
Make sure to document what you’ve learned from the attack, how it happened, and the steps you need to take to prevent
it from happening again. Look at your ransomware policy and make any necessary updates. Don’t forget to also update your IT disaster recovery plan.
Review and refresh the data backup strategy, incorporating accepted best practices and lessons learned in the ransomware event. This may require re-architecting the data backup system if it falls short of data security needs.
Engage a cyber defence service provider to perform an ‘indicators of compromise’ assessment of the entire network. Find and eliminate any remaining malware or associated files or artefacts. Consider using a provider other than the forensics company that supported the response. While discovery and eradication of indicators of compromise is part of the response effort, an independent and comprehensive post-incident assessment will provide additional confidence that ransomware has been eliminated.
Address network and system vulnerabilities or gaps identified during the forensic analysis to prevent a repeat attack. Conduct an after-action review and lessons learned (AAR-LL) session with all who were involved in the incident. Capture information on what went well and what did not go well and identify corrective actions to improve the response process for future ransomware events. For each gap or weakness, identify a senior manager or executive to be accountable for the completion of corrective actions.
Review and refresh the data backup strategy, incorporating accepted best practices and lessons learned in the ransomware event. This may require re-architecting the data backup system if it falls short of data security needs.
LGIS recognises the support our members need in this highly complex and technical area, so in 2022/23 we launched our cyber pilot program. The risk program, currently in its second phase, aims to develop guidelines to explain ASD Essential
8 requirements and the implementation steps to achieve compliance with these requirements to the greatest extent possible. In addition to the ASD 8 guide, LGIS will also release an Incident Management Guide to assist members build their own protocols.
Members also have access to Chubb’s incident and claims management expertise. The 24/7 hotline is supported by Clyde and Co. who can assist in triage and management of a cyber incident including legal advice, contractor selection and ransomware negotiations.
To have a chat about your cyber risk practices and how to manage them, please get in touch with your LGIS account manager.
There’s less than eight weeks to go before we say goodbye to 2023/24 and the vast majority of members have completed their declarations for the 2024/25 membership year.
Across Western Australia local governments create and deliver spaces that welcome everyone – from libraries to recreation centres and playgrounds. These services and facilities foster community connection but unfortunately they can also witness anti-social behaviour.
CCTV, alarms and dedicated security may require significant investment (depending on scope), but for those local governments who have identified serious hazards associated with ASB, it’s an investment that may be warranted. When considering these options, it’s important to consider not just the initial investment but the ongoing commitment of resources.
LGIS is the unifying name for the dedicated suite of risk financing and management services for WA local governments, established by the WA Local Government Association in conjunction with JLT Public Sector (part of the Marsh group of companies). LGIS is managed by JLT Public Sector (ABN 69 009 098 864 AFS Licence 226827).
Risk Matters, via this website, is designed to keep members, their staff and elected members informed on topical risk management and insurance issues and LGIS programs and services.
