Digital Transformations and Cyber Risk – A Council’s Problem

Cyber Advisory / Cyber Advisory, Industry Insights

Digital transformation is no longer an aspiration but a pressing reality.

From a technology viewpoint :

  • Automation of previously physically performed tasks; and
  • Industrial control systems including building management, waste control systems, water management and logistics controls; and
  • Internet of Things devices including CCTV cameras, payment systems, facial recognition systems and access control management; and
  • Use of the above and other systems to collect large amounts of sensitive data; and
  • Artificial Intelligence to provide reports that include dashboards and predictive intelligence.

Simply put, anything that is “smart” can be hacked.

This includes everything from smart TVs to phones and any other device that is connected to the Internet. Some of the threat vectors here are when:

  • Connected devices are compromised and end up ceasing their operation; and
  • Privacy infringements lead to identity theft and extortion; and
  • Dashboard reporting and predictive intelligence are incorrect due to the manipulation of ‘big data.’

So why would anyone work to compromise these potential vulnerabilities?

There are many organisations that use cyber risk as a direct attack vector:

  • Organised crime – Verizon’s Data Breach Investigations Report in 2018 estimated that more than half of the breaches they investigated were organized crime-related;
  • Foreign state-sponsored actors – amongst other things, Australia’s alliances with the Five Eyes and organisations such as NATO and our immigration policies mean we are a target for these kinds of attacks;
  • Corporate espionage – theft of IP and contract/tender details can provide competitive advantage;
  • Identity theft – financial and even more malicious intents; and
  • Morons – some people just want to see the world burn.

For councils, cybersecurity must be considered as one of the key foundations for a digital transformation initiative.

Councils are rapidly moving to increase efficiencies and there are many exciting projects underway that will improve the lives of constituents. To minimise the risks associated with digital transformation, councils should be aware of how complex it is to set up a good security function. Through our experience working with councils around Australia, the CTRL Team have observed that the below are the most important aspects they should address before embarking on a digital transformation project:

Any digital transformation projects should begin with a consideration of the risks of adoption and dependence on new and connected cyber technologies; and

  • Very few organisations have experts in cyber risk for IoT/IIoT within their security team. It is best to find a 3rd-party service provider that understands the digital transformation projects, outline the risk before commencement and mitigate them throughout the projects and into the future; and
  • In conjunction with the experts develop a clear cyber risk management strategy. Have this ratified at the highest levels of your organisation and use it like a roadmap; and
  • If possible, create a proof-of-concept environment where a vulnerability and risk assessment exercise will effectively highlight risks so that they can be mitigated, from the beginning; and
  • Before project commencement outline at least a 2-year plan to maintain the security of the project components. This can include threat and operational monitoring from a Security Operations Centre, ongoing security consulting work and a regular programme of vulnerability and penetration testing.

These basic steps will ensure that there is organizational alignment when it comes to securing your council and mitigating serious consequences from hacks – effectively helping councils focus on delivering on the promises made to their constituents.

Let’s embrace digital transformation and make sure cyber risks are well-considered. As well, please address cyber risks as efficiencies are adopted, the benefits from the reporting and convenience to be reaped from digital transformations.

CTRL Group and Allcom Networks are always ready for a conversation to help get you started and optimize your digital transformation journey.

Related Articles

Cybersecurity Resilience, Cyber Threat Intelligence
Data Breach / Cyber Compliance
Australian Notifiable Data Breach – Key Takeaways
Read more
Cyber Compliance / Cyber Advisory, Cyber Compliance
Cyber Regulations and Australian Compliance Overview 2022
Read more
CTRL Group discuss the latest cyber attacks and cybersecurity trends
ELT Relationships / Incident Response
Cybersecurity for Employees, Board and ELTs
Read more