WA Auditor-General drags local governments over horrendous cyber risk management

The Western Australia Auditor-General has slammed local government (LG) entities in the hard border state, after determining they were not managing cyber risks well.

The outcome of the audit was summed up by two key findings noted in the audit report. The first was that most vulnerabilities found during black box testing were over a year old and, in one instance, a vulnerability had existed for a decade and a half.

“We tested the audited LG entities’ publicly accessible IT infrastructure and found vulnerabilities of varying types, severity, and age. The vulnerabilities included disclosure of technical information, out-of-date software, flawed or weak encryption, insecure software configuration, and passwords sent in cleartext over the internet,” it said.

“44% of vulnerabilities were of critical and high severity, with a further 49% of medium severity.

“Known critical and high severity vulnerabilities are generally easy to exploit and expose LG entities to increased risk of compromise.”

The AG found out-of-date software accounted for 55% of vulnerabilities, followed by weak or flawed encryption on 34%, and insecure configuration on 8% of vulnerabilities.

The second key finding was a

Read More: https://www.zdnet.com/article/wa-auditor-general-drags-local-governments-over-horrendous-cyber-risk-management/#ftag=RSSbaffb68