The Queensland Audit Office believes that cybersecurity is “the biggest threat to state and local government public sector entities.” And with the Australian Local Government Association sharing that one of three cyber incidents reported to the Australian Cyber Security Centre (ACSC) targeted Commonwealth, state, territory, and local governments –they’re not wrong.
Given cyber-attacks on local councils are likely to increase and intensify, they must act ahead. In this article, we cover:
- How Local Council Cyber Attacks Are Close to Home
- How Cyber Attacks Affect Local Councils
- Cyber Security Solutions: Recovery and Prevention
- Lessons on Cyber Security for Councils: Prevention is Your Best Action
- Cyber Security Services: The Proactive Way
Local Council Cyber Attacks Are Close to Home
When you think of cyber-attacks, it’s likely you think of the big B2B or B2C companies. Which is no surprise given they are the ones splashed over our TVs. However, cybercrime is happening in every corner of Australia and even some quite close to home.
Apunipima Cape York Health Council
In late 2022, an Indigenous health organisation in FNQ, Apunipima Cape York Health Council, experienced a significant data breach whereby personal information of more than 8,000 staff and clients was accessed. A third party had gained unauthorised access to the Apunipima I.T. environment, resulting in a cyber security and forensic I.T. investigation.
Stonnington Council
On August 27, 2021, Stonnington Council (Victoria) CEO Jacquie Weatherill announced that an international agent had infiltrated their systems. Stonnington was forced to go offline, and council services were affected.
The ransomware attack exposed sensitive ratepayer information, with the attackers demanding payment in exchange for restoring access to the council’s systems.
Online payments, email systems, and customer service platforms were also affected. The council assured residents that emergency services were still operational and that they were working on restoring normal service ASAP.
The City of Onkaparinga
In December 2019, cyber criminals attacked government organisations around the world, including the city council of Onkaparinga. It was a ransomware attack that encrypted data across the organisation’s network, including data on their backup systems, and caused significant disruption to services.
The Ryuk ransomware gang demanded payment in exchange for the decryption key, but the city refused to pay the ransom. The council tried to restore its systems from backup for several weeks. The city thereafter reviewed its cybersecurity measures and invested in better protection against future attacks.
So, what does this mean for your council….
How Cyber Attacks Affect Local Councils
A cyberattack can have far-reaching impacts on local governments in Australia. Its most immediate effect is the disruption of services critical to the community, like health waste management, transportation, and emergency services.
A cyber incident can also gravely impact the council’s ability to make decisions, communicate with staff and the public, and process payments and applications. The cost of recovery can be worrisome, including expenses for IT services, legal fees, and potential fines.
Cyber security incidents can also erode trust and damage the council’s credibility, especially when sensitive information (e.g., personal and financial data) kept by a council is potentially exposed, with serious implications for affected individuals.
Because local governments are required to comply with regulations for data protection and privacy, a cyber-attack can be interpreted as a breach of such regulations, with possible legal and financial consequences.
Download Our eBook
In an age where the digital domain shapes our reality, the security of local councils isn’t just a technology matter—it’s a community imperative. Download our ebook to know more about Cyber security and how you can safeguard your fortress.
Cyber Security Solutions: Recovery and Prevention
In all our examples, none of them had a full understanding of the cyber security solutions in place so it took them longer to recover than if they had had the right protection. Here’s how they recovered…
After the Stonnington attack, the council:
- shut down their systems to prevent further damage;
- engaged cyber security services to conduct a review of their systems, identify vulnerabilities, and enhance Stonnington’s cyber security measures;
- assured residents that they were taking steps to prevent future attacks and to protect the sensitive information of its more than 100,000 residents;
- provided staff training; and
- reported the incident to the ACSC and the Office of the Australian Information Commissioner (OAIC), as required by law.
The City of Onkaparinga also had to shut down their systems. Their IT team took charge and had initial attempts to restore from their backups. That failed because there were a series of daily attacks that even the council’s anti-virus vendor was helpless.
The city council asked an IT cyber security service provider for help. A more advanced software was installed to neutralise the attacks, but it still took another couple of months to restore the entire system.
Lessons on Cyber Security for Councils: Prevention is Your Best Action
The best time to tackle cyber-attacks is before they happen, because working on IT recovery can be costly and takes time. Councils must prioritise cyber security by:
- Investing in cyber security solutions and services,
- Providing staff training and awareness programs, and
- Implementing robust policies and procedures.
The Australian Cyber Security Centre (ACSC) has developed and recommended the implementation of the Essential Eight. These mitigation strategies are designed to improve a council’s ability to prevent, detect, and respond to cyber threats:
| PREVENTION | |||
| Application whitelisting | Patching applications | Configuring Microsoft Office macro settings | User application hardening |
| DETECTION & RESPONSE | |||
| Restricting administrative privileges | Patching operating systems | Multi-factor authentication (MFA) | Daily backups |
The Essential Eight is the minimum cyber security standard that local councils should follow. It begins with assessing your current cyber security posture so as to identify areas needing priority attention, check where the gaps are, and find the best approach to strengthening your cyber security posture.
Cyber Security Services: The Proactive Way
Cyber security service providers can provide the necessary help to prevent cyber-attacks and minimise their damage. Future IT Services, for example, can help strengthen your cyber awareness, reduce risks, and protect your data and systems via a three-tiered plan:
| Level 1 | Level 2 | Level 3 |
| Application of a basic strategy, a good start for small businesses | Addition of controls and forensic capabilities, the minimum for all businesses | Complete alignment with the Essential Eight, recommended for local councils |
To learn how this can be done for your local council, contact Future IT Services now at 07 4058 5700 or email [email protected]. We can then help you with an IT audit, the first step to bolster protection.