Public safety organizations are unprepared for cyberattacks

Written on Mar 1, 2023

Public safety organizations are common cyberattack targets, but a new survey reveals that only 15% feel they are “very prepared” against cyberattacks.

According to the study by Verizon, fewer than 50% of respondents believe their agency is at least somewhat prepared in case of a cyberattack. And overall, only 15% feel “very prepared”.

Law enforcement agencies seem to be more confident in their security. In the event of a cyberattack, 58% of police departments feel somewhat prepared and 20% feel very prepared. On the other hand, EMS departments have the lowest sentiment with only 12% feeling very prepared.

The Resecurity report reveals that in Q2 2022, cybercriminals were hacking law enforcement email accounts. One recent malicious trend is sending fake subpoenas and Emergency Data Requests (EDRs) to companies to collect sensitive information. Threat actors are looking for billing history, addresses, phone call records, text history and other sensitive data which could be used for extortion purposes.

According to CISA, specific tactics can make a difference and come with little to no cost. Ways for public safety organizations to improve their protection against attack include:

Multi-factor authentication (MFA): This should be implemented on all department accounts. There are low-cost or free apps on the market for this. MFA makes it significantly harder for a malicious actor to break into your system.
Software updates: Check for updates on all mission-critical software. Turn on automatic updates.
Employee training: The majority of successful cyberattacks start with a phishing email. Train employees how to spot phishing attacks and focus on periodic retraining.

Use strong passwords or a password manager: Generate and store unique passwords to further deter attacks.