Auditor General says a report on cyber safety of local governments is ‘really concerning’
Local councils have had their “pants pulled down” after the Office of the Auditor General tabled a report in Parliament on the cyber safety of local government networks.
15 local councils were targeted by an ethical hacking team under the Auditor General’s Office and found eight failed when it came to simple cybersecurity questions, with some even offering detailed information of staff members.
Speaking with Oliver Peterson Auditor General, Caroline Spencer, couldn’t believe the findings.
“I’m very disappointed. I mean this is a massive wake up call for the local government sector,” she said.
Ms Spencer says the Office worked with Edith Cowan University to ethically hack the councils as a test of how safe the their information is.
“What we found is that we could get into some local government systems,” she said. “We actually gained access to local government credentials. So, we had over 50 people in local governments out of the 15 audited that provided us their username and password in response to some phishing emails we sent.”
The ethical hackers were able to use this information to log into government servers and gain more data.
“We were able to access citizen information, license applications, business permit applications and information and data within one particular local government. Really concerning,” she said.
The councils in question have been notified of the report. Ms Spencer is urging all local councils to be aware of the report.
“We’ve made some recommendations in our report and we’ve put in a better practice guide at the appendix of the report and these are basic principles around building cyber resilience,” she said.
Press PLAY to hear more