February 22, 2023 By Jonathan Reed 2 min read

Public safety organizations are common cyberattack targets. But a recent Verizon survey of these organizations reveals that only 15% feel they are “very prepared” against cyberattacks. This survey coincides with a Resecurity report that cites an increase in malicious activity targeting law enforcement agencies during Q2 2022.

Any incident can potentially impact community welfare and public safety. The challenge remains in how to improve security on tight public budgets. Luckily, a few simple tactics can begin to make a meaningful difference.

Not very prepared

According to the Verizon study, fewer than 50% of respondents believe their agency is at least somewhat prepared in case of a cyberattack. And overall, only 15% feel “very prepared”.

Law enforcement agencies seem to be more confident in their security. In the event of a cyberattack, 58% of police departments feel somewhat prepared and 20% feel very prepared. On the other hand, EMS departments have the lowest sentiment with only 12% feeling very prepared.

Continued reports of attacks

The Resecurity report reveals that in Q2 2022, actors were hacking law enforcement email accounts for nefarious purposes. One recent malicious trend is sending fake subpoenas and Emergency Data Requests (EDRs) to companies to collect sensitive information. Threat actors are looking for billing history, addresses, phone call records, text history and other sensitive data which could be used for extortion purposes.

Meanwhile, in May 2022, a prominent New York EMS provider suffered a ransomware incident exposing the data of over 300,000 patients. The attack was a standard double-extortion scheme. Cyber criminals exfiltrated files, encrypted systems and then threatened to publish the data unless a ransom was paid.

Fire departments aren’t safe from attack either. In September 2022, threat actors allegedly stole department paychecks from a South Carolina fire department. Deputies said they discovered that intruders gained remote access to the Assistant Chief’s email and employee payroll accounts. The criminals then edited employee direct deposit information, diverting payroll earnings into the attackers’ prepaid debit card accounts.

Reducing risk on a budget

Undoubtedly, public service organizations run on a tight budget. So how can they improve their security posture?

According to CISA, specific tactics can make a difference and come with little to no cost. Ways for public safety organizations to improve their protection against attack include:

  • Multi-factor authentication (MFA): This should be implemented on all department accounts. There are low-cost or free apps on the market for this. MFA makes it significantly harder for a malicious actor to break into your system.
  • Software updates: Check for updates on all mission-critical software. Turn on automatic updates.
  • Employee training: The majority of successful cyberattacks start with a phishing email. Train employees how to spot phishing attacks, and focus on periodic retraining.
  • Use strong passwords or a password manager: Generate and store unique passwords to further deter attacks.

Keeping public safety safe

Attacks on police, fire and EMS departments are especially concerning in their capacity to disrupt critical services and cause real-world harm. It’s imperative that these organizations step up their efforts to mitigate cyber events.

More from News

Research finds 56% increase in active ransomware groups

4 min read - Any good news is welcomed when evaluating cyber crime trends year-over-year. Over the last two years, IBM’s Threat Index Reports have provided some minor reprieve in this area by showing a gradual decline in the prevalence of ransomware attacks — now accounting for only 17% of all cybersecurity incidents compared to 21% in 2021. Unfortunately, it’s too early to know if this trendline will continue. A recent report released by Searchlight Cyber shows that there has been a 56% increase in…

Cyberattack on American Water: A warning to critical infrastructure

3 min read - American Water, the largest publicly traded United States water and wastewater utility, recently experienced a cybersecurity incident that forced the company to disconnect key systems, including its customer billing platform. As the company’s investigation continues, there are growing concerns about the vulnerabilities that persist in the water sector, which has increasingly become a target for cyberattacks. The breach is a stark reminder of the critical infrastructure risks that have long plagued the industry. While the water utility has confirmed that…

CISA and FBI release secure by design alert on cross-site scripting 

3 min read - CISA and the FBI are increasingly focusing on proactive cybersecurity and cyber resilience measures. Conjointly, the agencies recently released a new Secure by Design alert aimed at eliminating cross-site Scripting (XSS) vulnerabilities, which have long been exploited to compromise both data and user trust. Cross-site scripting vulnerabilities occur when a web application improperly handles user input, allowing attackers to inject malicious scripts into web pages that are then executed by unsuspecting users. These vulnerabilities are dangerous because they don't attack…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today