Moorabool Shire Council
At A Glance
Moorabool Shire is a fast-growing semi-rural municipality nestled between Melbourne, Geelong and Ballarat. The Council provides more than 50 services, and therefore the Council’s ICT team is protecting a rich set of customer data which includes: maternal childcare, aged care, early years – kindergartens – details of children, parents and contact numbers.
- Supports 250 email users
- Requirement for an additional layer to MicrosoftO365 to protect the Council from targeted attacksincluding URL, spearphishing, ransomware,attachment and impersonation attacks
- Substantial reduction in queries and reports fromcouncil workers and increase protection againsttargeted threats
Local and state governments are now big targets for cybercrime. Recently, the Australian Signals Directorate has responded to 1097 “cyber incidents” over the last three years affecting both unclassified and classified government networks. Councils are under attack and it’s easy to see why.
Credit card details, ratepayer information, business and development proposals all sit on their networks – and they all need to be protected.
Without a layered cyber defence, councils can risk devastating impacts on local service delivery, loss of trust and big regulatory fines for any failure to secure personal data of residents.
Moorabool Council’s ICT manager Lalitha Koya faces this growing threat landscape every day. Moorabool Shire is a fast-growing semirural municipality nestled between Melbourne, Geelong and Ballarat.
The Council provides more than 50 services and so Koya is protecting a rich set of customer data: maternal childcare; aged care; early years – kindergartens – details of children, parents and contact numbers.
“There is a commonality of growing threats – mostly targeted phishing attacks. This is followed by unsecured privilege accounts, insider threats, ransomware and malware,” said Koya. “Most of these threats originate in email.
Email Is Based On Trust
The Council relies heavily on emails as a trusted channel for communication. Although most phishing attacks are not sophisticated, cybersecurity needs a multifaceted approach. “We can implement preventative measures, but user awareness has to figure highly when protecting your organisation. We have to do refreshers to remind people they are doing the right thing and not clicking on the wrong links.”
In the past three years Moorabool had a ransomware incident involving email plus two other security incidents: one involved password credentials and the other was also a compromised email. The team had a solid backup and response plan so were able to stand up very quickly, minimising disruption. While no credentials or any information was lost, the most recent incident warranted a Notifiable Data Breach.
“We knew whatever we did next we needed to have measures in place to combat URL, spear-phishing, ransomware, attachment and impersonation attacks,” said Koya.
The Council is currently adopting a cloud-first IT strategy, closely aligned with its Microsoft Stack. “We’ve been using many elements of Office 365 for the past 4-5 years: Outlook, Power BI, Teams and Skype for Business,” Koya said. “Most councils I know are looking at SaaS-based solutions.”
But cloud security creates new problems as it inevitably can become an afterthought with some SaaS providers. “When everything is on premises, you think about the security aspects of applications, but people overlook these when moving into a cloud platform,” explains Koya. “If you’re not thinking of security when moving to cloud you may end up offloading your issues to someone else.”
In readiness to move to the Cloud, Koya started reviewing the Council’s security late last year. “When using Microsoft 365, some of the security measures we had in the past were less effective,” he said. “We were really seeing a pattern – we saw more and more phishing and whaling attacks like impersonation being used so we had to focus and work out how we could mitigate our risk.”
The team looked outside and after testing a few systems found that Mimecast fitted with the Council’s IT strategy perfectly. “Since implementation we’ve seen a substantial reduction in queries and reports from council workers. Before we had a few reports a month and now, this has almost dropped to zero,” said Koya.
He added that everything comes back to trust. “Security builds on trust but it easily can be betrayed with just one incident. We use Mimecast because we want to make sure we’re doing all we can to contain any threat,” he said.
“Since implementation we’ve seen a substantial reduction in queries and reports from council workers. Before we had a few reports a month and now, this has almost dropped to zero.”
Lalitha Koya, ICT manager, Moorabool Council