When it comes to cyberthreats, local government is one of the most trusted industries in Australia, according to a new report.
The inaugural Brand Trust Report from Mimecast, an email security and cyber resilience company, shows the impact of cyber attacks on consumer trust.
There were 9,000 respondents surveyed globally from Australia, United Kingdom, Germany, South Africa and other countries, with insights from 1,000 Australians.
The findings revealed that local government was the fourth most trusted industry in Australia, with 58 per cent of Australian respondents saying they trusted the sector.
Topping the list was online banking at 69 per cent, with the least trusted industry in Australia being delivery at 41 per cent.
“The stakes are higher when it comes to what our interactions are with council.” – Garrett O’Hara, field chief technologist for Mimecast APAC
Trust is central
Garrett O’Hara, field chief technologist for Mimecast APAC, believes that trust is the “fulcrum” and the thing that every interaction depends on.
“When I go to interact with my council, there has to be trust there for me to get what I need done in a way that is useful and meaningful for me,” he told Government News.
“If that trust was broken, then I’m going to be suspicious of every email that came from the council; I wouldn’t open those, I wouldn’t read communications.”
While trust is important for businesses and their customers, Mr O’Hara believes this may be more so for councils.
“I think the stakes are higher when it comes to what our interactions are with council,” he said.
“I think they’re much more the stuff of life; they’re actually more important interactions than buying a new pair of shoes.”
“There’s an elevated level of risk in terms of what an attacker could gain… by pretending to be a local government council or entity.” – Garrett O’Hara, field chief technologist for Mimecast APAC
Local government least likely targets of cyber attacks
The pandemic has brought about an increase in cyber attacks, with cyber criminals exposing vulnerabilities that have come with widespread remote working.
Mimecast’s State of Email Security 2021 report revealed that email-based security threats increased by 64 per cent in 2020.
Local government fared well in this section of the report, with findings revealing that it is the least targeted industry in Australia, with seven per cent of respondents receiving phishing emails from the sector.
Delivery topped the list, with 29 per cent of its consumers receiving phishing emails, followed by online banking at 27 per cent and entertainment at 22 per cent.
Although councils are unlikely to be targeted by cyber attacks, this doesn’t mean they should be complacent, according to Mr O’Hara.
“The level of trust that exists with [government]… if it is compromised could actually be incredibly impactful to a citizen,” he said.
“The information that I’ve supplied to my local council, I’m comfortable with them having it, but I certainly wouldn’t be comfortable with cybersecurity attackers having that same level of information about me.
“So, in some ways, I would say there’s an elevated level of risk in terms of what an attacker could gain, from an information perspective, by pretending to be a local government council or entity.”
Trustworthiness of industry no protection
There appears to be little correlation between the perceived trustworthiness of an industry and cyberthreats targeting those industries.
For example, online banking is the most trusted industry in Australia, but is also the second most targeted industry for phishing emails.
Mr O’Hara believes consumers continue to trust this industry because of how it communicates with consumers.
“The consumers of banks actually have a lot of faith in the security of the banking organisations because they bend over backwards to communicate with their customers, saying ‘hey, there’s a scam out there, watch out for this, watch out for that’,” he said.
Government is also doing a good on this front, Mr O’Hara said, and that is evident through websites such as Scamwatch.
“The information that I’ve supplied to my local council, I’m comfortable with them having it, but I certainly wouldn’t be comfortable with cybersecurity attackers having that same level of information about me.” – Garrett O’Hara, field chief technologist for Mimecast APAC
Preventing cyber attacks
Councils can be proactive in preventing cyber attacks by stopping direct domain spoofing, which occurs when an attacker appears to use a company’s domain to impersonate it or one of its employees.
More companies are doing this through a system called Domain-based Message Authentication, Reporting and Conformance (DMARC).
It is an email validation system that uncovers anyone using a brand’s domain without authorisation and will block all unauthenticated mail and prevent customers, partners and employees from receiving emails from impersonators.
Mr O’Hara believes government is doing a good job of using DMARC.
“There is a strong push for local councils, state level entities and federal to adopt and use DMARC to protect their domains,” he said.
More advanced technology also exists that allows for the scanning of ‘cousin domains’, or look-alike domains that have a very similar name and address.