Moorabool Shire Council upgrades cybersecurity measures with help from Black Kite

Melbourne, Victoria Jan 11, 2022 (Issuewire.com) – Moorabool Shire Council (MSC) is a fast-growing semi-rural municipality nestled between Melbourne, Geelong, and Ballarat. It offers residents picturesque and friendly surroundings with the vibrancy of an active, growing community.

A stunning shire spanning more than 2,110 square kilometers, Moorabool is made up of 64 localities, hamlets, and towns. More than 74% of the Shire comprises water catchments, state forests, and national parks.

Moorabool Shire Council has an ever-growing amount of data and an expectation from the community that this data is kept safe and secure.

“As a government body, we deal with personal information on a daily basis.” Says the ICT Manager, Lalitha Koya. “We are expected to ensure that the resident’s data and privacy is protected and secure within council’s systems. It’s especially important for us being a local government authority to ensure our cyber environment is safe. We are seeing a lot of cyber-attacks targeting government websites. We need to make sure our systems are secure; to detect any potential risks and react to them, so that we’ll be able to protect our community and the data that has been entrusted to us.”

Being a target for cybercriminals, Moorabool Shire Council is constantly on the lookout for new technology and systems to their arsenal of cybersecurity systems that help keep them one step ahead in this cybersecurity landscape.

The opportunity with Black Kite

In the past, Moorabool was only conducting periodic compliance exercises annually to review its vulnerabilities, with engagements to scanning the environment and reacted to the problem at that point-in-time fixing any newly found issues and waiting for the next year’s annual scan. ” “The problem was… with vulnerabilities being identified sometimes daily we didn’t have visibility to see where we are on a continuous basis”

“If we can see where we are, and also track our improvements on mitigating the vulnerabilities or risks, then it helps to keep the focus on security, keeping the conversations open; working at continuous improvement. Working to continue to reduce the chance that Moorabool could be exploited due to a vulnerability.” 

“This solution helps us to provide stronger business cases demonstrating work required, highlighting ongoing efforts in improving cyberspace security.”

“It will not only benefit us on audit and risk committee reporting but also any other vendor’s meetings or audits that Council participates in,” Lalitha says.

In March 2021, Garry Pugh, Moorabool’s IT Systems Co-Ordinator learned about Black Kite in a procurement exercise.”One of our vendors gave us a demonstration of it. We saw the value of using its cyber risk rating and continuous monitoring. It met quite a number of our security objectives when the consultant demonstrated the benefits for us in the first initial demonstration.”

“What attracted me the most to Black Kite is the visibility, we now see where we are constantly, rather than just point in time scans… tracking our improvements from the score point of view also gives the team a sense of satisfaction.” BlackKite’s rating system is able to analyse an organization’s cyber risk posture from technical, financial, and compliance perspectives.

– Through open-source intelligence (OSINT) across 20 major risk categories, Black Kite compiles results into an easy-to-understand letter grade.
– The financial impact rating uses the international Open FAIR model to translate potential cyber risks into financial losses.
– The compliance rating adopts various frameworks and standards, such as NIST 800-53 or ISO27001 to evaluate the organizations’ level of compliance against that standard.

“I believe that we started from around 80 or so from the compliance, and slowly worked away by involving various members within the ICT team. The categories within the solution were able to easily lend themselves to align with functions within the team. The guidance of the severity of any vulnerabilities assisted with prioritization… The Black Kite system notifies us of any newly found vulnerabilities so that we are not always on the back foot, even though we are reacting I wouldn’t call it being reactive, we are able to work in a more real-time to critical vulnerabilities.” Lalitha adds.

Automated Vendor Compliance Monitoring

Black Kite also helps effectively monitor vendor compliance. The compliance section includes 14 global standards and correlates publicly-available findings to those frameworks, saving time and effort by eliminating the need for regular compliance questionnaires. Where information is not available publicly, Black Kite’s UniQuE Parser consumes a variety of compliance documents, for example, a SOC 1 or 2, and parses that information immediately to the existing standards. This allows more time for mitigating risk, rather than discovering where the risks exist.

“We are constantly investing in new or third-party applications, but we only check its risks or compliance on engagement.” Lalitha continues. “Once the system is onboard, we are not going back to see if it’s still meeting the standards we expect when it comes to security compliance. With Black Kite, it monitors these easily for Council; if there are any issues. Once we have these insights, we can actually inform our vendors to improve certain areas.” 

“Councils digital footprint is ever-changing, Black Kite is a significant tool to monitor the risks and compliance continuously to ensure our own cyber security is at the highest level. The monitoring is ongoing with often no requirement for Council to make any changes to the configuration of Black Kite – it finds changes in our digital footprint, that’s where the value is.”

Looking Ahead: Our IT Roadmap needs Black Kite

Lalitha and his team completed the Black Kite implementation in June. So far, they are very happy with the active monitoring they’re receiving. “It’s automated, providing real-time alerts and risk mitigation strategies, helping us effectively review our cybersecurity posture. Black Kite continues to work even when we aren’t looking at its portal. Being a small team, Council needs systems that are automated without the burden of the team making it work. It tells us when there is an issue. “