At least one Queensland council has suffered a cyberattack in 2023, and weaknesses in information system controls continue to increase among councils.

In April, one regional council in central Queensland suffered a cyberattack and is yet to determine its impact. According to the Queensland Audit Office local government 2022 audit, councils are taking too long to resolve high-risk issues, with 65% of the significant deficiencies unresolved as at 30 June 2022 remaining unresolved more than 12 months after being identified. Significant deficiencies are those that carry substantial financial or reputational risk for councils and need to be addressed immediately, the report explains.

Almost two-thirds of councils still have significant deficiencies in their information systems, a concern given the increase in cyberattacks across the public sector. The audit recommends that the Department of State Development, Infrastructure, Local Government and Planning, in collaboration with the Queensland Government's Customer and Chief Digital Officer, develop a strategy to increase awareness and improve capability in the sector on cyber-related matters.

"It is critical that councils implement strong security controls to protect their data from cyber-attacks, undetected errors, and potential financial loss, including through fraud," the document states.

The Queensland Audit Office's Forward work plan 2023-26 includes information on responding to and recovering from cyberattacks, with insights and lessons learned on entities' preparedness.

Lack of password controls, security governance policies

The most common issues identified were inappropriate access levels being assigned to council staff, a lack of good controls to implement and monitor strong passwords, and a lack of good policies to govern the security of information systems.
As per the audit, "implementing effective controls to mitigate the risk of cyberattacks should be performed on a cost-benefit basis," which could be one of the issues stopping councils from taking appropriate measures.

In its 2020 report Managing cyber security risks, the Audit Office recommends that all Queensland public sector entities assess whether they have a framework for managing cybersecurity risks, know what information assets they have, and know to what extent those information assets are exposed to cybersecurity risks.

NSW councils are also facing serious issues when it comes to cybersecurity, with almost half of the state's councils not having a formal cybersecurity plan in place and not being required to follow guidance.