More than a third of local councils across NSW are still without essential internal controls and governance arrangements for cyber security, the state's auditor-general has found.

In its annual audit of the local government sector, the NSW Audit Office found inadequate management of cyber security at 58 of the state's 128 local councils, 9 county councils and thirteen joint organisations.

“Fifty-eight councils have yet to implement essential governance and internal controls to manage cyber security,” the report [pdf] released on Thursday said.

It said this included “a cyber security framework, policy and procedure, register of cyber incidents, penetration testing and training”.

Bellingen Shire Council was singled out in the report for its lack of a cyber risk framework and policy (a repeat finding), as was Maitland City Council for having gaps in its cyber security controls.

Newcastle City Council was similarly found to have no formal IT policies and procedures for cyber security, as well as access management and incident management.

Maitland City Council and Newcastle City Council were also found to have no cyber security awareness program.

Though the result is an improvement on last year, when 80 percent of councils were found to have no formal cyber security policy, the audit highlights the ongoing struggle to tackle IT security threats.

The audit notes that although there is no requirement for councils to comply with the NSW government's cyber policy, “councils may find it useful to refer to the policy for further guidance”.

Cyber Security NSW is currently working with the Office of Local Government within the Department of Planning, Industry and Environment to develop a sector-specific cyber security policy by July.

It follows a recommendation in last year's local government audit that the Office of Local Government do so to “ensure a consistent response to cyber security risk across councils”.

The government has also since extended the remit of Cyber Security NSW to include councils and small agencies thanks to a $60 million investment in the central cyber office last year.

The peak body for councils in the state, Local Government NSW, last year criticised the government for failing to support cyber security in the local government sector.

The audit report also found that sixty-four councils “did not formalise and/or regularly review their essential IT policies and procedures”.

A further forty-three councils “did not perform a periodic user access review to ensure users' access to essential IT systems” was appropriate, and sixty-eight councils “did not monitor privileged accounts' activity logs”.