HRM has insufficient oversight of its cybersecurity risks, AG report says – Halifax | 24CA News

Canada
Published 16.08.2023
HRM has insufficient oversight of its cybersecurity risks, AG report says – Halifax | 24CA News

In her closing act as Halifax’s Auditor General, Evangeline Colman-Sadd offered the findings of a administration of cybersecurity audit on Wednesday.

“Their limited policies and processes, they need to work on those things,” she stated in regards to the Halifax Regional Municipality. “They need to work on identifying risks and shoring up their cybersecurity risk register, so that really is key to that oversight piece.”

The report finds that HRM has not supplied acceptable oversight of its cybersecurity dangers, and that the cybersecurity program at HRM requires consideration.

“In 2023, there are cybersecurity risks for every organization and you can have the best policies, practices in the world and still be hacked,” Colman-Sadd stated.

“But, it is really important to have good policies because it helps to prevent at least some of, or to ward off, attacks.”

Story continues beneath commercial

While HRM Mayor Mike Savage stated there’s work to be performed, he expressed his confidence within the Information Technology (IT) departments means to take action.

“I do have confidence in the leadership that we have in IT now to help us with this,” Savage stated. “It’s pretty urgent and we appreciate this report for the information it gives us.”

In committee discussions in regards to the report, Councillor Pam Lovelace stated HRM has seen its web site down, a number of requires password modifications, a TikTok ban, and confusion round lacking laptops.

“What I’m seeing from this is we lack rigour,” Lovelace stated. “We lack the processes and the detailed kind of analysis that is needed internally with our IT department, considering the severity of the cyberattacks and the potential of shutting down business at HRM.”

Regarding the lacking laptops, Colman-Sadd stated a software used to trace belongings — similar to computer systems — just isn’t correct, however has recognized 451 computer systems as “missing.”

“It could be an instance where someone hasn’t returned one after they’ve gotten a new computer and perhaps it wasn’t tracked properly, so I think IT probably needs to investigate that,” she stated. “Could there be laptops that are truly missing? There could.”

Colman-Sadd additionally talked about in her report that cybersecurity coaching for municipal workers is important to the primary “line of defense.”

Story continues beneath commercial

She stated, as of February, 11 out of 17 elected officers at HRM haven’t accomplished cybersecurity consciousness coaching.

The report comes as King’s County lately notified the general public of a cyber assault from July, displaying that municipalities may be focused.

Colman-Sadd offered 16 suggestions in her report, all of which have been agreed to by HRM and 4 of which have already been accomplished.

“When I read this report, there’s things that concern me,” Savage stated. “On the other hand, I look at the recommendations and I see some of them are already complete and that management, I think, agrees with just about every recommendation… which I think is encouraging.”

HRM workers stated by e mail that, “municipal cybersecurity staff are reviewing the recommendations of the HRM IT: Management of Cybersecurity Audit – Public report, and as per today’s meeting, will develop a prioritized action plan within four months and report back to the Audit and Finance Standing Committee showing how these recommendations will be addressed, with timelines and resource implications.”

The auditor normal’s workplace will observe up in 18 months on the suggestions, at which level they are going to be searching for 80 per cent completion.

&copy 2023 Global News, a division of Corus Entertainment Inc.