February 22, 2023 By Jonathan Reed 2 min read

Public safety organizations are common cyberattack targets. But a recent Verizon survey of these organizations reveals that only 15% feel they are “very prepared” against cyberattacks. This survey coincides with a Resecurity report that cites an increase in malicious activity targeting law enforcement agencies during Q2 2022.

Any incident can potentially impact community welfare and public safety. The challenge remains in how to improve security on tight public budgets. Luckily, a few simple tactics can begin to make a meaningful difference.

Not very prepared

According to the Verizon study, fewer than 50% of respondents believe their agency is at least somewhat prepared in case of a cyberattack. And overall, only 15% feel “very prepared”.

Law enforcement agencies seem to be more confident in their security. In the event of a cyberattack, 58% of police departments feel somewhat prepared and 20% feel very prepared. On the other hand, EMS departments have the lowest sentiment with only 12% feeling very prepared.

Continued reports of attacks

The Resecurity report reveals that in Q2 2022, actors were hacking law enforcement email accounts for nefarious purposes. One recent malicious trend is sending fake subpoenas and Emergency Data Requests (EDRs) to companies to collect sensitive information. Threat actors are looking for billing history, addresses, phone call records, text history and other sensitive data which could be used for extortion purposes.

Meanwhile, in May 2022, a prominent New York EMS provider suffered a ransomware incident exposing the data of over 300,000 patients. The attack was a standard double-extortion scheme. Cyber criminals exfiltrated files, encrypted systems and then threatened to publish the data unless a ransom was paid.

Fire departments aren’t safe from attack either. In September 2022, threat actors allegedly stole department paychecks from a South Carolina fire department. Deputies said they discovered that intruders gained remote access to the Assistant Chief’s email and employee payroll accounts. The criminals then edited employee direct deposit information, diverting payroll earnings into the attackers’ prepaid debit card accounts.

Reducing risk on a budget

Undoubtedly, public service organizations run on a tight budget. So how can they improve their security posture?

According to CISA, specific tactics can make a difference and come with little to no cost. Ways for public safety organizations to improve their protection against attack include:

  • Multi-factor authentication (MFA): This should be implemented on all department accounts. There are low-cost or free apps on the market for this. MFA makes it significantly harder for a malicious actor to break into your system.
  • Software updates: Check for updates on all mission-critical software. Turn on automatic updates.
  • Employee training: The majority of successful cyberattacks start with a phishing email. Train employees how to spot phishing attacks, and focus on periodic retraining.
  • Use strong passwords or a password manager: Generate and store unique passwords to further deter attacks.

Keeping public safety safe

Attacks on police, fire and EMS departments are especially concerning in their capacity to disrupt critical services and cause real-world harm. It’s imperative that these organizations step up their efforts to mitigate cyber events.

More from News

CISA releases landmark cyber incident reporting proposal

2 min read - Due to ongoing cyberattacks and threats, critical infrastructure organizations have been on high alert. Now, the Cybersecurity and Infrastructure Security Agency (CISA) has introduced a draft of landmark regulation outlining how organizations will be required to report cyber incidents to the federal government. The 447-page Notice of Proposed Rulemaking (NPRM) has been released and is open for public feedback through the Federal Register. CISA was required to develop this report by the Cyber Incident Reporting for Critical Infrastructure Act of…

Recent developments and updates in Biden cyber policy

3 min read - The White House recently released its budget for the 2025 fiscal year, which supports the government’s commitment to cybersecurity. The cybersecurity funding allocations line up with the FY 2025 cybersecurity spending priorities released last year that included the following pillars: Defend critical infrastructure Disrupt and dismantle threat actors Shape market forces to drive security and resilience Invest in a resilient future Forge international partnerships to pursue shared goals. In 2023, the White House released a 35-page document detailing the new…

Change Healthcare cyberattack causes dire billing crisis

3 min read - Last month’s cyberattack on Change Healthcare, a sizable unit of UnitedHealth Group, brought new repercussions rarely seen in a cyberattack. As a result of the threat actor’s actions, healthcare systems and providers suffered cash flow issues, which resulted in providers being unable to pay their rent, owners dipping into their personal savings and patients being prevented from receiving important medications. Most importantly, patients are unable to get insurance approval for procedures, surgeries and prescriptions, which can affect their health outcomes.…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today