TelcoNews Australia - Telecommunications news for ICT decision-makers
Australia
Guides
#
5g & beyond
#
broadband
#
internet of things
#
software-defined networking
#
unified communications
Search
Story image
#
Ransomware
#
Supply Chain & Logistics
#
Cybersecurity

Australian councils urged to adopt managed security services

Yesterday
Author image
By Sean Mitchell, Publisher

Cybersecurity specialists are urging Australian local councils to regard Managed Security Service Providers (MSSPs) as an essential component of their core operations due to increasing cyberattacks targeting local government entities.

Recent months have seen several Australian councils impacted by cyber incidents that disrupted operations, exposed sensitive data, and created challenges to maintaining community trust. While cybercriminals previously focused on large corporations, experts caution that councils are now being deliberately targeted, highlighting their perceived vulnerability.

Notable incidents in the past two years include the ransomware attack on Isaac Regional Council in Queensland in April 2023, which led to an extensive shutdown of IT systems and required substantial external cybersecurity intervention for recovery. In July 2024, Wattle Range Council in South Australia experienced a breach when the LockBit ransomware group stole and released more than 40,000 files from a legacy server, accompanied by a ransom demand. Meanwhile, Glenorchy City Council in Tasmania investigated unauthorised activity within an externally managed IT system in December 2024, exposing weaknesses in supply chain security, though no data loss was confirmed.

These incidents reflect a broader national issue. According to the Australian Cyber Security Centre's Annual Cyber Threat Report for 2023–24, there were nearly 94,000 cybercrime reports in a single year – a 23% increase from the preceding period. Thirteen percent of reported attacks targeted government entities, including local governments, highlighting the sector's susceptibility.

Local councils are appealing targets due to the considerable volumes of personal and business data they manage, as well as their digitised public services. However, they often operate with limited cybersecurity resources. Common challenges include restricted internal IT capacity, legacy systems lacking updates or patches, gaps in around-the-clock monitoring, insufficient staff training on cybersecurity practices, and poor oversight of third-party vendors.

Cyberattackers exploit these deficiencies, resulting in more frequent incidents that compromise community data, disrupt essential authority services, and erode public confidence in council leadership.

MSSPs present a model for councils to improve their security posture. They provide continuous services such as threat monitoring, incident detection, vulnerability management, and rapid response to breaches. Councils leveraging MSSPs can benefit from real-time threat detection outside of normal business hours, enhanced resilience to ransomware and supply chain incidents, access to specialist expertise and advanced tools without the need to build large internal teams, and support in meeting government cybersecurity requirements.

"It's no longer a question of if a council will be targeted, but when, and whether they'll be able to respond quickly and effectively," said a cybersecurity advisor familiar with council infrastructure across Victoria and New South Wales.

Beyond preventing attacks, MSSPs are emphasised as crucial in ensuring the continuity of vital community services. If a council falls victim to a cyberattack, disruptions can affect services from waste collection and planning approvals to community health initiatives. Compromised citizen data can lead to lasting damage to public trust.

Engagement with an MSSP thus extends beyond prevention, offering preparedness strategies that aim to keep services operational and councils in a proactive position regarding potential threats.

Sector reviews continue to highlight gaps in local government preparedness. The 2023 report by the NSW Auditor-General noted most councils lacked incident response strategies, had failed to implement multi-factor authentication, and maintained limited oversight over IT contractors. Similarly, a review in Western Australia found that none of the 12 councils assessed met minimum security benchmarks, bolstering the case for specialist external support.

Australian cybersecurity firms are responding with services tailored to council needs. These typically include support with developing incident playbooks, conducting staff training to identify and report security concerns, running regular penetration tests and system audits, ensuring compliance with the Cyber Security Strategy 2023–2030, and responding to novel threats as they emerge.

Borderless CS, a Melbourne-based cybersecurity company, is one such provider currently supporting local councils and not-for-profit institutions across Australia. The firm offers multiple tiers of managed security services, ranging from business-hour protection to fully managed 24/7 coverage. However, its core mission is to help councils build long-term cyber resilience, not to offer one-size-fits-all solutions. 

"Our aim is not to just monitor and alert, it's to empower councils to understand their risk landscape and improve it over time," said Jaya, Borderless CS's CEO. "We see ourselves as partners, not vendors."

As regulatory pressures increase and cyber threats evolve, council leaders are being encouraged to reassess their organisation's cyber defences. The federal Cyber Security Strategy underscores the need for local governments to enhance digital security and to work more closely with industry professionals.

Cybersecurity is now considered an organisational responsibility that extends beyond IT departments to include mayors, chief executives, and councillors. Engaging a qualified MSSP is being characterised as an essential operational safeguard for local councils.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Newmont deploys 5G tech at Cadia mine for efficiency boost
AI boosts Australian cyber defences against rising threats
SOTI partners for enhanced supply chain print solutions
Infoblox & Google Cloud partner for hybrid networking
Ericsson unveils wireless-first architecture for AI era
Top stories
Tech leaders join Vinnies CEO Sleepout for homelessness aid
AI drives data centre sustainability across the globe
Woolworths expands solar project with Virtual Net Metering
Upskilling initiatives key to Australian business success
Call for Australia to prioritise digital skills reform