The amount of data that local governments deal with has grown exponentially. In particular, the pandemic induced restrictions resulted in people working remotely, often without access to IT and security updates. With hundreds of small government institutions across Australasia, ransomware has become low-hanging fruit for cybercriminals.
Australian government organisations have endured a shocking number of cyber attacks aiming at obtaining information and disrupting essential services. A survey conducted by the Australian Cyber Security Centre stated they received over 76,000 reports of cyber security incidents in 2021-2022, an increase of nearly 13% from the previous year.
New Zealand is also experiencing an upward trajectory with 350+ cyber security incidents over the 2019-2020 period. This included incidents of malware, phishing attempts, supply chain attacks and malware. The Ministry of Justice and Te Whatu Ora (Health New Zealand) have recently been impacted by a cyberattack on a third-party IT support provider which jeopardised confidential files.
Why are local governments being targeted?
With pandemic induced restrictions, many councils have increased digitisation of service offerings. This has resulted in increased public data being held by local governments. Conversely, because councils are often operating on a shoestring budget, they do not have dedicated cybersecurity experts so holes in security can leave them vulnerable to cyber breaches. Additionally, with the rapid pace of digitisation in local councils due to covid, there may be insufficient investigation into risk of adopting different IT services.
Council members unfortunately have become accustomed to using emails for updates and sending/receiving documents. This poor practice can have significant ramification as ransomware attacks often entail using an email with infected links or attachments. If councillors are less wary with emails, they are less likely to exercise caution around potential cyber breaches. While ransomware attacks are unsophisticated, they can have major negative impacts including blocking users access to files, systems and devices which can be held hostage for ransom.
Research agency Vanson Bourne conducted a survey during January and February of 2022 and results showed that:
- 58% of local government organisations were hit with ransomware in 2021
- 72% of local government attacks resulted in data encryption
- In state and local government, 59% of respondents perceived an increase in the volume of attacks on their organisation
How to protect your local government
With so many attempted cyber attacks it's important to take steps to protect your local government. The sentiment 'it's not if, but when' rings true for many organisations in regards to cyber attacks. We have put together 3 recommendations to help you protect your citizen's sensitive information.
- Stop using email to communicate meeting materials, this invites unnecessary levels of risk. Override the chance of human error by using cloud-based software like StellarGovt to create and share council agenda documents. If councillors know all documents will be accessible via Stellar, this will decrease the chances of clicking on a ransomware attack email.
- Cybersecurity training for councillors as well as all staff involved in agenda creation and distribution. This is essential to identify potential cyber risks and empower employees to know their responsibility with cyber security.
- All councillors must be aware of the council's cybersecurity plans and have a robust and systematic approach to manage and review to ensure cyber security resilience of the local government.
Want to find out more about how StellarGovt can help protect your council? Read here: https://stellargovt.com/