Case Study


Campbelltown City Council is one of the largest councils in Australia. Over the last few years, the Council has gone through significant changes in their ICT environment. While numerous security controls were implemented in the scope of the transformation, the Council stakeholders were looking for a local cybersecurity partner to better understand the current cyber security posture of the organisation, including associated weakness and exposures as they are seen from an external attacker perspective.

ThreatDefence equipped our IT department with superior abilities to collect and analyse security events proactively, and respond to data breaches if they occur. Being able to contain threats in real time provides a tremendous value to our organisation.

CIO, Campbelltown City Council

Traditionally, local government organisations have had little reason to worry about cyber risks. However, these days the threat landscape has changed, and poor cyber security management can expose local government organisations such as councils to a broad range of risks, including financial loss, reputational damage, and data breaches. The potential impacts may include:

  • Theft of corporate and financial information and intellectual property, or theft of money
  • Third-party losses when personal information stored on government systems is used for criminal purposes
  • Reputational damage associated with the loss of citizens’ personal information
  • Enormous incident response and investigation costs incurred due to a compromise.

Being concerned with the increasing number of cyber attacks targeting local government organisations, the Council stakeholders were seeking to understand their level of readiness to tackle cyber security incidents, such as:

  • Do we have complete visibility into our cloud infrastructure, and can we quickly detect account takeovers, contain a threat, and provide assurance to the business that attackers did not spread to other user accounts?
  • Can our IT staff provide assurance that your systems are not currently compromised?
  • Are we ready to respond to a security data breach associated with citizens’ personal data exposure?
  • How quickly can our team detect, investigate, and contain cyber threats?

The Council engaged ThreatDefence to perform a security review and analysis of the Council’s security posture, as well as to assess if the environment has any indicators or compromise, or significant security weaknesses and misconfigurations. During the assessment, ThreatDefence worked with the Council to review the entire business environment and to identify any security weaknesses or exposures. ThreatDefence consultants focused on the practical aspects of cyber security to assist the Council identifying both tactical and strategic opportunities to enhance the maturity of cyber security and privacy programs.

ThreatDefence network, endpoint and cloud sensors were deployed to to analyse network traffic, collect security events from the infrastructure in real time, and scan systems for any indicators of compromise. The collected data was analysed by Threatefence XDR platform with the use of security analytics to identify any malicious indicators, or any suspicious or anomalous behaviour. Through the use of this service, the Council was able to greatly enhance their cyber security posture, and to build an actionable list of remediations to execute as part of their cyber security program.

Protect Your Organisation With ThreatDefence