Public safety organizations are common cyberattack targets. But a recent Verizon survey of these organizations reveals that only 15% feel they are “very prepared” against cyberattacks. This survey coincides with a Resecurity report that cites an increase in malicious activity targeting law enforcement agencies during Q2 2022.

Any incident can potentially impact community welfare and public safety. The challenge remains in how to improve security on tight public budgets. Luckily, a few simple tactics can begin to make a meaningful difference.

Not Very Prepared

According to the Verizon study, fewer than 50% of respondents believe their agency is at least somewhat prepared in case of a cyberattack. And overall, only 15% feel “very prepared”.

Law enforcement agencies seem to be more confident in their security. In the event of a cyberattack, 58% of police departments feel somewhat prepared and 20% feel very prepared. On the other hand, EMS departments have the lowest sentiment with only 12% feeling very prepared.

Continued Reports of Attacks

The Resecurity report reveals that in Q2 2022, actors were hacking law enforcement email accounts for nefarious purposes. One recent malicious trend is sending fake subpoenas and Emergency Data Requests (EDRs) to companies to collect sensitive information. Threat actors are looking for billing history, addresses, phone call records, text history and other sensitive data which could be used for extortion purposes.

Meanwhile, in May 2022, a prominent New York EMS provider suffered a ransomware incident exposing the data of over 300,000 patients. The attack was a standard double-extortion scheme. Cyber criminals exfiltrated files, encrypted systems and then threatened to publish the data unless a ransom was paid.

Fire departments aren’t safe from attack either. In September 2022, threat actors allegedly stole department paychecks from a South Carolina fire department. Deputies said they discovered that intruders gained remote access to the Assistant Chief’s email and employee payroll accounts. The criminals then edited employee direct deposit information, diverting payroll earnings into the attackers’ prepaid debit card accounts.

Reducing Risk on a Budget

Undoubtedly, public service organizations run on a tight budget. So how can they improve their security posture?

According to CISA, specific tactics can make a difference and come with little to no cost. Ways for public safety organizations to improve their protection against attack include:

  • Multi-factor authentication (MFA): This should be implemented on all department accounts. There are low-cost or free apps on the market for this. MFA makes it significantly harder for a malicious actor to break into your system.
  • Software updates: Check for updates on all mission-critical software. Turn on automatic updates.
  • Employee training: The majority of successful cyberattacks start with a phishing email. Train employees how to spot phishing attacks, and focus on periodic retraining.
  • Use strong passwords or a password manager: Generate and store unique passwords to further deter attacks.

Keeping Public Safety Safe

Attacks on police, fire and EMS departments are especially concerning in their capacity to disrupt critical services and cause real-world harm. It’s imperative that these organizations step up their efforts to mitigate cyber events.

More from News

More School Closings Coast-to-Coast Due to Ransomware

Instead of snow days, students now get cyber days off. Cyberattacks are affecting school districts of all sizes from coast-to-coast. Some schools even completely shut down due to the attacks. The federal government recently warned that K-12 schools face a growing threat from cyber groups. According to the FBI, school districts often have limited cybersecurity protections, which makes them even more vulnerable. The FBI also says it anticipates the number of threats to increase. In a recent warning, the nation’s…

Hackers are Increasingly Targeting Auto Dealers

Auto dealerships are increasingly concerned with cybersecurity in the face of new regulations and an alarming rise in cyberattacks. The Second Annual Global State of Cybersecurity Report by CDK Global found that 85% of dealerships say cybersecurity is very or extremely important relative to other operational areas. Additionally, 89% say cybersecurity is more important than last year, a 12% increase. Not surprisingly, only 37% of auto retailers are confident in the current protection, which is a 21% decrease from 2021.…

LastPass Breaches Cast Doubt on Password Manager Safety

In 2022, LastPass suffered a string of security breaches which sparked concern among cyber professionals and those impacted by the intrusions. Some called into question the way LastPass handled and responded to the incident. In addition, the situation ignited a wider conversation about the risks linked to utilizing password managers. A password manager helps users generate strong passwords and safeguards them within a digital locker. A master password secures all data, which enables users to conveniently access all their passwords…

Good Guys Decrypt Ransomware Targeting Charitable Groups

Imagine you’re an IT manager amid a ransomware attack. While your team scrambles for solutions, the intruders demand a ransom. Of course, you don’t want to pay; you just want your files back. But as time ticks by and the extortionists turn up the heat, your bosses are about to give in and pay the ransom. But then, the FBI calls. “Don’t pay,” the agent says. “We’ve found someone who can crack the encryption.” Sound too good to be true?…