Public safety organizations are common cyberattack targets. But a recent Verizon survey of these organizations reveals that only 15% feel they are “very prepared” against cyberattacks. This survey coincides with a Resecurity report that cites an increase in malicious activity targeting law enforcement agencies during Q2 2022.

Any incident can potentially impact community welfare and public safety. The challenge remains in how to improve security on tight public budgets. Luckily, a few simple tactics can begin to make a meaningful difference.

Not Very Prepared

According to the Verizon study, fewer than 50% of respondents believe their agency is at least somewhat prepared in case of a cyberattack. And overall, only 15% feel “very prepared”.

Law enforcement agencies seem to be more confident in their security. In the event of a cyberattack, 58% of police departments feel somewhat prepared and 20% feel very prepared. On the other hand, EMS departments have the lowest sentiment with only 12% feeling very prepared.

Continued Reports of Attacks

The Resecurity report reveals that in Q2 2022, actors were hacking law enforcement email accounts for nefarious purposes. One recent malicious trend is sending fake subpoenas and Emergency Data Requests (EDRs) to companies to collect sensitive information. Threat actors are looking for billing history, addresses, phone call records, text history and other sensitive data which could be used for extortion purposes.

Meanwhile, in May 2022, a prominent New York EMS provider suffered a ransomware incident exposing the data of over 300,000 patients. The attack was a standard double-extortion scheme. Cyber criminals exfiltrated files, encrypted systems and then threatened to publish the data unless a ransom was paid.

Fire departments aren’t safe from attack either. In September 2022, threat actors allegedly stole department paychecks from a South Carolina fire department. Deputies said they discovered that intruders gained remote access to the Assistant Chief’s email and employee payroll accounts. The criminals then edited employee direct deposit information, diverting payroll earnings into the attackers’ prepaid debit card accounts.

Reducing Risk on a Budget

Undoubtedly, public service organizations run on a tight budget. So how can they improve their security posture?

According to CISA, specific tactics can make a difference and come with little to no cost. Ways for public safety organizations to improve their protection against attack include:

• Multi-factor authentication (MFA): This should be implemented on all department accounts. There are low-cost or free apps on the market for this. MFA makes it significantly harder for a malicious actor to break into your system.
• Software updates: Check for updates on all mission-critical software. Turn on automatic updates.
• Employee training: The majority of successful cyberattacks start with a phishing email. Train employees how to spot phishing attacks, and focus on periodic retraining.
• Use strong passwords or a password manager: Generate and store unique passwords to further deter attacks.

Keeping Public Safety Safe

Attacks on police, fire and EMS departments are especially concerning in their capacity to disrupt critical services and cause real-world harm. It’s imperative that these organizations step up their efforts to mitigate cyber events.