Public safety organizations are frequently targeted by cyberattacks, but according to a recent survey by Verizon, only 15% of these organizations feel that they are adequately prepared to defend against them. This survey coincides with a report from Resecurity, which highlights a rise in a malicious activity specifically targeting law enforcement agencies during the second quarter of 2022.
The potential impact of any incident on community welfare and public safety cannot be overlooked. However, the challenge lies in improving security with limited public budgets. Fortunately, implementing a few straightforward tactics can significantly enhance security measures.
The Verizon study indicates that less than 50% of respondents believe that their agency is adequately prepared to handle a cyberattack. Additionally, only 15% of respondents feel that their agency is “very prepared” to tackle such an attack.
Law enforcement agencies appear to be more confident in their security measures. In the case of a cyberattack, 58% of police departments feel that they are somewhat prepared, and 20% feel very prepared. However, EMS departments are the least confident, with only 12% feeling very prepared in the event of a cyberattack.
According to the Resecurity report, during the second quarter of 2022, law enforcement email accounts were targeted by malicious actors for illicit reasons. A recent malicious trend involves the sending of counterfeit subpoenas and Emergency Data Requests (EDRs) to businesses in order to obtain confidential information. The threat actors aim to acquire sensitive data such as billing history, addresses, phone call records, and text history, among others, which can be used for extortion purposes.
In May 2022, a notable EMS provider in New York was the victim of a ransomware attack, which led to the compromise of the information of more than 300,000 patients. The attackers employed a typical double-extortion tactic: they extracted files, encrypted systems, and then demanded a ransom, threatening to release the data if their demands were not met.
Even fire departments are not immune to cyberattacks. In September 2022, attackers purportedly stole paychecks from a fire department in South Carolina. Authorities reported that the intruders managed to obtain remote access to the Assistant Chief’s email and employee payroll accounts. Subsequently, the criminals manipulated the direct deposit details of the employees, rerouting the payroll earnings to prepaid debit card accounts controlled by the attackers.
Certainly, public service organizations operate within a constrained budget. Therefore, what measures can they take to enhance their security stance?
As per CISA, there are particular strategies that can be highly effective in enhancing security without incurring significant costs. Some of the approaches that public safety organizations can adopt to fortify their defenses against cyber-attacks include:
Cyberattacks targeting police, fire, and EMS departments are particularly alarming due to their potential to disrupt crucial services and result in tangible harm. Therefore, it is crucial that these organizations intensify their measures to prevent cyber incidents.
Here at CourseMonster, we know how hard it may be to find the right time and funds for training. We provide effective training programs that enable you to select the training option that best meets the demands of your company.
For more information, please get in touch with one of our course advisers today or contact us at training@coursemonster.com