Navigating the 4 top cybersecurity risks for Australian Local Councils (LGAs) in 2024

In the evolving landscape of cyber threats, Australian local government authorities (LGAs) face an increasing risk of attacks, making robust cybersecurity measures imperative.

In 2022, the public sector, including LGAs, ranked second in cyber-attacks, trailing only the healthcare sector. Shockingly, over 200 local governments experienced ransomware attacks. This concerning trend highlights the urgency for LGAs to fortify their cybersecurity defences against a myriad of threats.

Unique Challenges for Australian LGAs

Local governments, responsible for managing a wealth of sensitive data, face heightened risks due to their limited budgets and resources. The personal information, financial records, and payment gateways held by LGAs make them attractive targets for cybercriminals. Compounding the issue, many LGAs operate with constrained financial resources and have to deliver on a number of IT requirements, such as connectivity to third-party suppliers, public wireless networks (for libraries, etc.) and IoT devices for local services. This breadth of digital demand hinders their ability to invest in cutting-edge cybersecurity technologies and protocols that protect it all.

Top 4 Cybersecurity Threats for Australian LGAs in 2023

  1. Phishing Attacks: With nearly half of the phishing attacks in 2022 targeting government employees, local governments are a prime target. IPSec advocates for regular phishing training and simulations to enhance awareness and reduce the risk of breaches.

  2. Ransomware: The incidence of ransomware attacks on local government organisations surged in 2022. IPSec recommends a fully layered cybersecurity system, complete with monitoring and alerts, routine endpoint protection and rollbacks to mitigate this threat.

  3. Third-Party Threats: Attacks that come from third-party applications or external API connections are responsible for over 60% of cyber-attacks. They pose a significant challenge for LGAs, given their reliance on third-party suppliers to deliver on critical operations contracts. IPSec suggests implementing background checks, cybersecurity architecture reviews of third-party suppliers, API code examination, third-party security clearances, and monitored behavioural analytics to detect unusual activity generated by third-party suppliers.

  4. Internet of Things (IoT) Devices: As IoT devices proliferate, local governments must address the associated cyber risks. IPSec advises segmenting networks, connecting each device to an endpoint protection monitoring system, implementing strong passwords, regularly updating software, monitoring network traffic, and using encryption to protect against IoT threats.

As technology continues to play a central role in delivering critical city and regional government operations, the vulnerabilities and threats also increase. IPSec, in collaboration with LGAs, underscores the importance of adopting best practices and staying informed about emerging cyber threats.

Together, we can build a resilient cybersecurity framework that safeguards the personal data and critical services crucial for our communities, ensuring a cyber-secure future for Australian cities and regional councils.