SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australian councils urged to boost cyber threat training

Yesterday

Cyberattacks targeting Australian local councils have been rising in frequency, with many councils unprepared due to insufficient cybersecurity awareness training for staff.

According to recent audits, fewer than 50% of Australian councils currently provide cybersecurity awareness training, which increases their vulnerability to phishing scams and social engineering attacks. Human error is noted as a significant contributor to data breaches, accounting for 30% of all reported incidents in Australia from January to June 2024, with common mishaps such as emailing personal information to the wrong recipient and failing to use BCC in group emails.

The persistent issues of phishing emails, credential theft, and inadequate password practices add further risk to council systems. Reports from New South Wales (NSW) and Western Australia (WA) show that some councils with training programmes still experienced breaches during phishing simulations. One instance in WA documented a significant internal breach after an employee forwarded a phishing email, which led to numerous staff and external contacts having their credentials compromised.

Addressing this challenge, cybersecurity provider Borderless CS has introduced a Phishing Simulation and Awareness Platform tailored to enhance local councils' resilience against cyber threats. This solution provides councils with the ability to perform email simulations and deliver training that targets specific vulnerabilities. The interactive training modules focus on crucial areas such as email security and data protection, while allowing council leadership to track progress and compliance through a reporting dashboard.

State audit offices have called for mandatory cyber training across all local councils, citing worrying findings such as the Queensland Audit Office's discovery that 25% of councils had not engaged in any cyber training, despite heightened threat levels. Further investigations in NSW uncovered that several councils lacked formal incident response plans and adequate staff training. In Western Australia, more than half the staff at audited councils entered credentials into fake portals during phishing simulations, highlighting a critical area for improvement.

As cybercriminals refine their techniques, councils must counteract with robust and agile defences. Though technical solutions like firewalls and data encryption are crucial, they rely on staff being able to recognise and avoid threats. The Borderless CS platform aims to convert staff into active defenders against cyber threats through specific training that encourages a comprehensive security-aware culture among all levels of staff.

Data from the first half of 2024 shows phishing responsible for 12% of all reported data breaches, often succeeding where technical safeguards do not. One such incident involved a council employee being deceived by a fake QR code, which allowed attackers to penetrate multi-factor authentication barriers.

Local governments face increasing pressure from incidents such as ransomware encrypting financial records in NSW and fraudulent transactions through compromised online payment systems in Queensland. These breaches undermine not only the stability of public services but also public confidence in digital infrastructure.

Cybersecurity has evolved from being a domain solely for IT departments to a broad organisational responsibility, with government guidelines now mandating staff awareness and regular simulations as fundamental expectations for council resilience.

Jaya Prakash, Chief Executive Officer of Borderless CS, stated: "Cyber threats don't wait for local councils to be ready, they exploit the first sign of weakness. Our goal is to close that human gap with accessible, effective, and measurable training that transforms staff into the first line of defence."

As local councils continue digitising their services and engaging more with citizens online, investing in cybersecurity awareness and training becomes essential. According to Borderless CS, such initiatives are not merely checkboxes but crucial strategic defences that encourage shared responsibility across all council teams.

By implementing a forward-looking, people-centred strategy for cyber defence, councils signal their commitment to protecting public data and guaranteeing continued access to critical digital services.
