Future spending on Cyber security by local councils in NSW looks likely to increase.
Note: In their last investor update in April, TNT said it was already working with
many local councils :
"Tesserent works with:
- 47 Federal and State Departments and Agencies
- 25 Local Councils"
Clearly more opportunities here (~140 in NSW alone) if TNT become the "go to" supplier in this space.
https://www.itnews.com.au/news/dozens-of-nsw-councils-still-without-basic-cyber-security-controls-audit-finds-565203
May 28 2021 12:35PM
More than a third of local councils across NSW are still without basic internal controls and governance arrangements for cyber security, the state’s auditor-general has revealed.
In its annual audit of the local government sector, the NSW Audit Office found poor management of cyber security at 58 of the state’s 128 local councils, nine county councils and 13 joint organisations.
“Fifty-eight councils have yet to implement basic governance and internal controls to manage cyber security,” the report [] released on Thursday said.
It said this included “a cyber security framework, policy and procedure, register or cyber incidents, penetration testing and training”.
Bellingen Shire Council was singled out in the report for its lack of a cyber risk framework and policy (a repeat finding), as was Maitland City Council for having gaps in its cyber security controls.
Newcastle City Councils was similarly found to have no formal IT policies and procedures for cyber security, as well as access management and incident management.
Maitland City Council and Newcastle City Council were also found to have no cyber security awareness program.
While the result is an improvement on last year, when 80 percent of councils were found to have no formal cyber security policy, the audit highlights the ongoing struggle to address IT security risks.
The audit notes that while there is no requirement for councils to comply with the NSW government’s cyber policy, “councils may find it useful to refer to the policy for further guidance”.
Cyber Security NSW is currently working with the Office of Local Government with the Department of Planning, Industry and Environment to develop an industry-specific cyber security policy by July.
It follows a recommendation in last year’s local government audit that the Office of Local Government do so to “ensure a consistent response to cyber security risk across councils”.
The government has also since and smaller agencies thanks to a $60 million investment in the central cyber office last year.
The peak body for councils in the state, Local Government NSW, for failing to support cyber security in the local government sector.
The audit report also found that 64 councils “did not formalise and/or regularly review their key IT policies and procedures.
A further 43 councils “did not perform a periodic user access review to ensure users’ access to key IT systems” were appropriate and 68 councils “did not monitor privileged accounts’ activity logs”.
All IMHO, DYOR
