Lead Machine Pink 160x1200

Lead Machine Pink 160x1200

iTWire TV 705x108

Wednesday, 13 October 2021 13:39

How local councils can beef their defence against cyber-attacks

By Robert Nobilo, ANZ regional director, Virsec
Virsec regional director ANZ Robert Nobilo Virsec regional director ANZ Robert Nobilo

GUEST OPINION: As we have seen with the recent increase in headline-making cyber-attacks, a lack of awareness around cyber security best practice is putting the Australian public sector at high risk of ransomware attacks that could result in disruption of operation or loss of sensitive information.

The promise of the Security Legislation Amendment (critical infrastructure) Bill 2020Recently, the government drew up an updated legislation to protect Australia’s critical infrastructure, the Security Legislation Amendment (critical infrastructure) Bill 2020. It extends the scope of what is considered critical infrastructure, including organisations responsible for communications, data storage and processing, financial services and markets, water and sewerage, energy, health care and medical, higher education and research, food and grocery, transport, space technology, and the defence industry.

The bill will significantly impact Australia’s 537 local councils, many of which provide critical and essential services like water and sewage. The legislation will require them to adopt and comply with a risk management program that ensures critical infrastructure assets are protected from cyber-attacks.

The growing state of risk for today’s local councilsMaintaining adequate protection against cyber-attacks will present a considerable challenge for councils, many of whom are suffering budget constraints. Back in 2018, the Australian Local Government Association advised that local councils required an investment of $30 billion to renew and replace ageing infrastructure, a figure which greatly exceeds the funding capacity of the local government sector under current revenue arrangements. They also advised that this figure will likely to grow in the coming years to meet evolving productivity and safety requirements.

Budgetary constraints aside, smaller councils are also likely to struggle to gain access to the high-level expertise needed to achieve and maintain robust protections against cyber threats, especially those in rural and remote areas.

The NSW Auditor General’s Report on Local Government 2020 stated 58 councils in the state had yet to implement basic governance and internal controls to manage cybersecurity. It listed these controls as: a cybersecurity framework, policy and procedure, a register for cyber incidents, penetration testing, and staff training.

Other states are unlikely to fare much better. The WA Auditor General’s May 2021 Report on Local Government General Computer Controls found 328 control weaknesses in 50 local government entities, all of which could significantly compromise the confidentiality, integrity, and availability of IT systems.

The increasing digitalisation of council services and operations poses another challenge. Every initiative to improve services for citizens, or to digitise internal council operations, potentially increases the attack surface and the volume of data at risk of a breach.

A particular risk is the digitisation of infrastructure, the implementation of IoT, and the integration of operational technology and information technology.

Cyber risk has risen rapidly in the ranking of issues facing local councils. Some recent cases of councils who have been victims of cyber-attacks demonstrate how challenging achieving and maintaining robust cyber security will be.

In August, Stonnington Council in Victoria was hit by a cyber-attack. Following the attack, Stonnington CEO Jacqui Weatherill told 7 News that the council was trying to ascertain if sensitive data had been exfiltrated, and that some council staff working from home had been forced to take annual leave as a result of the incident.

 Stonnington was not the first council in Australia to have suffered a significant cyber-attack, and certainly will not be the last. In December 2020, the City of Onkaparinga council in Adelaide was hit by the Ryuk ransomware (which first emerged in 2018), forcing staff to start their holidays early. Mayor Erin Thompson told the ABC IT staff had to restore every server and every different device manually across the council network.

In October 2020, insurer LGIS reported a large metropolitan local government in WA was infiltrated by a high impact ransomware attack in which hackers had gained admin privileges causing days of near total shutdown.

Demonstrating the challenge councils face to counter ransomware, the report said the council had invested in data-protection, firewalls, anti-malware, anti-spam, and anti-virus products, but none-of these had been able to protect it from the highly-disruptive sophisticated attacks. Attackers were able to easily bypass these traditional endpoint detection security tools.

Countering ransomware requires a new approach to security
Local councils need to take a new approach to securing their critical applications as ransomware attacks continue to proliferate and become more sophisticated.

Applications require advanced security tools, which offer deeper layers of protection.

One of the best ways to achieve this advanced level of security is through deterministic protection that fully protects the software workload in runtime, wherever it is running. Within milliseconds of being installed, this technology establishes a “map” of normal behaviour within each application, by monitoring and mapping all activity including files, processes, libraries, memory usage, and web inputs.

Any deviation from the norm is instantly detected, treated as a threat, and blocked in real-time, reducing the likelihood of damage ever occurring, reducing attacker dwell time and reducing operational costs.

Adversaries will continue to wreak havoc on local councils who remain a key target due to limited awareness of cyber security threats and budgetary constraints. But with the right security tools deployed, councils can have peace of mind knowing their critical services will remain operational should they ever be targeted.

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here


It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://itwire.com/itwire-update.html and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinatrs and campaigns and assassistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.



iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.


Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News