A CYBERATTACK on Bayswater council has prompted it to consider hiring a cybersecurity officer and spending up to $165,000 on safety upgrades.
City staff advised councillors that the cost of “not undertaking essential cybersecurity protection is immeasurable and has not been contemplated”.
Last year the city’s website was caught up in a clever hack that affected more than 4200 websites worldwide.
The hack inserted a script that used people’s computers to generate the cryptocurrency Monero, with the cash being sent to the hacker’s account.
Last year the city commissioned Deloitte to audit its cybersecurity and it awarded a rating of 1.5 out of 5.
The proposed cybersecurity upgrades in the 2019/20 budget would increase this rating to 3.
• $60,000 to identify and remove credit card numbers stored in old documents and emails
• A $5000 “IT vulnerability scan” to probe the existing system for weaknesses
• $80,000 to replace backup servers which are often targeted in data hostage hacks
Government bodies have increasingly been the target of hackers in recent years.
The perpetrators have ranged from extortionists wanting payment in cybercurrency, to suspicions that a “state actor” could be behind some cyberattacks.
In October last year the WA government revealed that departmental websites had been subject to millions of intrusion attempts in the last couple of years, with 11 successful to some degree.
Some of those were as simple as hackers sending phishing emails to get people to provide their personal details, but one involved hackers tapping into North Metro TAFE systems and stealing staff account details, encrypted password files and students’ details.
In the US, local governments including the City of Atlanta and the City of Baltimore have been paralysed by ransomware hackers holding their data hostage. These attacks infest the IT systems with viruses that lock users out, and can delete all data if the victim doesn’t pay a ransom.
UK-based information security expert Scott Helme–who uncovered the global hack that affected Bayswater council last year–said at the time “there were ways the government sites could have protected themselves from this.
“It may have been difficult for a small website, but I would have thought on a government website we should have expected these defence mechanisms to be in place”.