328 security weaknesses found in Australian local government systems

A report has been submitted to Parliament underlining the weaknesses of the computer environments in local government entities

The computer systems used at 50 Australian local government (LG) entities have been found to contain 328 control weaknesses, and in one case a network password had not been changed since 2002.

The report, prepared by the auditor-general of Western Australia, Caroline Spencer, has been submitted to Parliament and focused on the computing environments of 50 entities to determine if they effectively support the confidentiality, integrity and availability of the information they hold.

The audit focused on 6 areas: information security, business continuity, management of IT risks, IT operations, change control, and physical security.

Spencer found that LG entities need to improve their general computer controls. 328 control weaknesses were reported to 50 entities, with 10% (33) rated as significant and 72% (236) as moderate. 

“As these weaknesses could significantly compromise the confidentiality, integrity and availability of information systems, the LG entities should act promptly to resolve them,” wrote Spencer.

For 11 entities, a “capability maturity assessment” was performed, which is the most comprehensive information systems audit the authority carries out. None of the 11 entities met the expectations across six control categories, with 79% of the audit results below the minimum benchmark.

Spencer revealed that five of the entities were included in last year’s in-depth assessment and could have improved their capability by addressing the previous year’s audit findings but “did not discernibly do so”.

Given the nature of the findings, the entities have not been identified, although Spencer said this practice may change over time to provide an incentive to public entities to more promptly address identified control shortcomings.

At one entity, the use of privileged access rights to the network was not appropriately restricted and controlled. The entity had not changed the password for the default network admin account since 2002, even though a number of IT staff who knew the password had left.

At another, there were inadequate controls to check the integrity and authenticity of emails. Malicious users could impersonate genuine individuals to gain unauthorised access to systems and information, leaving the entity at increased risk of cyber-attacks. It also emerged that staff were using many different cloud storage services to share the entity’s business information, putting its sensitive information at risk.

The report provided six recommendations for each area it focused on and local entities are now expected to prepare an action plan within the next 3 months to address the matters raised in the report.
