What do LGIS members need to know about cyber security in 2024?

Risk Matters - Spring 2024

Picture of Liberty Mudzamba

Liberty Mudzamba

Principal Cyber Risk Consulting | Marsh Advisory, Pacific
Liberty is an accomplished Information Security professional and cybersecurity subject matter expert with over eight years of experience in cyber risk management. He is passionate about simplifying cyber risk communication to help business leaders
make effective decisions. His expertise lies in information technology governance,
risk management principles, information security audit, cyber risk quantification, and incident management.

He has supported Australian and global organisations with Cyber Incident Simulations, Cyber Risk Quantifications and Cyber transformation programs.

Liberty will be delivering the LGIS cyber security workshops across October and November this year.

cyber security graphic

What do LGIS members need to know about cyber security in 2024?

What are the main areas of concern for cyber security in Australia?

The top concerns and issues that organisations or councils are currently facing in Australia include:

  • Increasing sophistication of ransomware attacks.
  • Business Email Compromise (BEC) and Funds Transfer Fraud (FTF).
  • Third-party breaches.
  • Expanded attack surface due to remote work.
  • Rise in social engineering and phishing attacks targeting individuals.

What are three actions that leaders can take to improve cyber security?

Many local government leaders are concerned about their organisation’s cyber vulnerabilities; in the 2024 JLT Risk Report cyber risk was listed as CEOs’ number two concern. However, it’s a complex landscape and it can be daunting to work out where to start or prioritising initiatives. From a leader’s perspective there three areas to focus on, these are:

  • Training and awareness: invest in regular training for employees to recognise and respond to cyber threats. From a local government perspective, the majority of ‘cyber’ claims for the sector, thus far, arise from human error. Make sure your people understand policies and procedures, for example checking new bank account details using the phone number already on record before processing payment, and are aware of criminal tactics such as phishing, vishing and invoice fraud.
  • Implement robust security policies: establish comprehensive security protocols to mitigate risks. The Australian Signals Directorate, Essential Eight provides an excellent framework to systematically address cyber vulnerabilities. LGIS has a practical guide for members on the Essential Eight, plus a controls checklist to identify your position and where improvements can be made.
  • Conduct regular risk assessments: Evaluate the organisation’s cyber security posture to identify vulnerabilities. Cyber security risks are continuously evolving and your risk management needs to respond to new and emerging threats. Make sure that you regularly take stock of your position and make adjustments to address new vulnerabilities.

Tip: Conduct a comprehensive gap assessment to understand the current security posture and allocate resources effectively.

Other sections in this season's Risk Matters

Where we’ve been – Spring 2024

The 2024 WA Local Government Convention over 8 to 10 October was an excellent opportunity to chat with members and talk about the issues that matter to you. Over 650 delegates attended from across the state and we appreciated the effort many made to seek out our team to provide feedback and ask questions.

Read More »

What do organisations often miss in cyber security planning?

Incident response planning is often missed during the cyber security planning process. Maybe it’s an excess of confidence in cyber controls, but many organisations focus on prevention but neglect preparation for breaches. Even if an organisation has the best-made defences, it’s wise to plan for an incident. Sometimes, it’s not even a malicious act – think back to the CrowdStrike incident this year. Although not the actions of a threat actor it had wide-ranging impacts on businesses across the globe.

Hopefully a rare occurrence, a cyber breach may have a significant impact on all aspects of an organisation including reputation and financial. A well-defined incident response plan can significantly reduce the impact of a cyber incident.

Tip: Designate a dedicated point of contact for cybersecurity management to track risks and implement controls effectively.

How can local governments prepare for a cyber incident?

There are two clear elements that local governments should consider in preparing for a cyber incident. Firstly, maintain an incident response plan with clear communication protocols. Secondly test your response capabilities, make sure you regularly practice incident management to enhance response skills and protect public trust. Document everything.

Tip: Attend the LGIS workshop ‘Cyber Incident Response Management’ in your region.

What can attendees expect at the LGIS Cyber Workshops?

I’m very pleased to be visiting WA and delivering the cyber security workshops for LGIS. I’ll make sure that attendees get:

  • Practical insights into current cyber threats.
  • Best practices for enhancing cyber security posture, including the ASD Essential 8 principles.
  • Networking opportunities and resources for implementing effective cyber security strategies.

Workshop attendees can expect to gain valuable insights into cybersecurity controls and practices based on the Essential Eight framework, as well as strategies for preparing for cyber incidents. These two workshops aim to provide a comprehensive overview of these critical concepts, offering practical use cases to address potential challenges and issues that participants may encounter. Cybersecurity is an evolving field. These workshops will help local governments understand and apply established guidelines effectively.

Check out page 23 for dates of the LGIS Cyber Security workshop series

Share on Twitter
Share on LinkedIn

Other sections of this season's Risk Matters

CEO’s Message – Spring 2024

The recent WA Local Government Convention was an excellent opportunity to chat with members and talk about the issues that matter to you. LGIS also appreciated the invitation from WALGA to provide members with an update at their AGM on our 2023/24 results and achievements. For more information, our end of financial year reports, A Year in Review and Annual Financial Report, are now available on the LGIS website or you can read the article on page 18.

Read more »

Playground liability assessments for regional members

By their very nature playgrounds have an element of risk, designed to challenge children and deliver development opportunities. They’re valued and sought-after amenities in every local government area across Western Australia. They also come with high levels of expectation from the community that they will be well designed, in appropriate locations and maintained in a condition that ensures safe and enjoyable experiences for children

Read more »