AUG 11, 2022

Preparing Your Agency for Evolving Cybersecurity Threats

Ransomware attacks and data breaches continue to affect police departments around the nation. Departments regularly handle sensitive data such as case evidence, inmate records and even employees’ personal information – all of which are subject to cyber threats.

In 2021, the Washington D.C. Police Department fell victim to a ransomware attack. Hackers leaked a massive amount of internal information after the department refused to pay the cyber criminals’ demands. Similarly, the was hit by a ransomware attack where hackers demanded a Bitcoin payment that equaled $5.3 million.

Leaked information is not the only consequence of cybercrime. Malware programs can shut down emergency response systems for a period of time – a consequence that no community wants to experience.

Cybercriminals are advancing and creating new techniques to infiltrate public safety agencies. Prioritizing your agency’s cybersecurity plan is non-negotiable. The stakes are too high, and the effects are long-lasting.

To avoid cyber threats, or minimize the effect of an attack, police departments must stay up to date on the kinds of attacks and have a clear plan for being proactive rather than reactive.

Awareness

A majority of cyber-attacks occur because of a lack of awareness. Agencies often fall prey to both internal threats (malicious or uneducated employees) and external threats (phishing or ransomware). The Institute for Defense and Business outlines five primary methods of cyber-attacks used to target the public sector.

  1. State-Sponsored Cyber-Attacks – Considered as a form of warfare in which one government entity attacks another government entity or agency’s valuable information.
  2. Ransomware – A specific form of malware that completely barricades the user’s ability to access their system until a ransom is paid.
  3. Phishing – Typically carried out through emails, text messages or phone calls, in which hackers impersonate licensed institutions to obtain valuable information.
  4. Hacktivists – Cybercriminals who hack information and systems as a means of social or political activism.
  5. Improper Usage & Internal Attacks – Employees can be the greatest threat to information security because they have direct access to information. It is important to implement cyber security training on proper usage and handling of technology and information. Promoting awareness and teaching best practices can make a difference in how well your employees protect the organization’s sensitive data.

Among the most critical forms of cyberattack, killware is an evolving type of ransomware affecting many public sector agencies, including police departments. As its name suggests, killware is not only a threat to information security, but also to human safety.

Killware is a threat to police agencies from two different perspectives. Primarily, hackers can leak sensitive data such as addresses, phone numbers and other personal information that pose a threat to individual and community safety.

In cases where cyberattacks on other organizations could result in loss of life, police and other first responders must be prepared to handle the impact and maximize public safety. In 2021, hackers gained access to a water treatment facility’s system. The hacker increased the amount of sodium hydroxide in the water supply to 100 times greater than the normal amount.

Cybercriminals are targeting more critical infrastructure, and police departments must be aware of the growing attacks and trends.

Prevention and Minimizing Impact

Tactics to obtain government-sensitive information are advancing rapidly. Hackers have become more sophisticated than ever – and the public sector must be prepared.

The goal is to be proactive and not reactive.

Developing a response plan is critical to data security. Many organizations are moving to the cloud, entrusting data to a third-party provider. This creates a number of fears. How do we manage permissions and access to systems? Where are data centers located? To what degree is the cloud provider responsible for information security? Whether your organization has modernized to the cloud or not, there must be a contingency plan as a response to an attack.

Your plan may include:

  • How to recover and secure systems after an attack.
  • How to secure physical areas related to the breach.
  • Notifying those who are affected.
  • How and when to back up data.

Additionally, establishing or enhancing internal cyber security policies and procedures is a requirement. Written policies ensure that everyone is aware of what to do in the case of a threat. This should include information such as an acceptable use policy, internet usage policy, virtual private network (VPN) policy and more.

Employees can take their own precautions as well to help promote data security by:

  • Downloading carefully – Be aware of files, downloads, and attachments from unverified sources.
  • Improving password security – Password strength can serve as the gatekeeper to sensitive information. Additionally, avoid writing down passwords and keeping them in accessible places.
  • Updating device software – Software updates tend to come with improved methods of data security. Regularly installing verified and licensed updates can improve your device’s ability to detect threats.

Utilizing Cloud Technology to Protect Your Digital Assets

As cyber-attacks evolve, law enforcement must shift to updated technology to keep data secure by leveraging the benefits of cloud-based systems. With attacks on the rise, it is no longer a question of whether we should move to the cloud, but when.

Some agencies are reluctant to adopt cloud solutions because of the fear of data security. It is easier to trust internal resources and keep your data on a local server, rather than relying on an off-site cloud provider. However, many law enforcement agencies are operating on older systems – making them easy targets for cyber-attacks.

On the other hand, cloud providers have made cyber security a priority for their systems. They have dedicated experts and security services to help prevent and respond to threats, and quickly remediate the effects of an attack.

Cloud technology offers advanced features by combining access controls and encryption technology to not only keep data secure, but to also test security and vulnerability.

Audits and compliance mandates help ensure that cloud providers adhere to the requirements for personnel access, usage, accountability, storage and security.

Your agency benefits from shifting to the cloud by partnering with a provider that is committed to the success of keeping your information safe.

Cyberattacks in the public sector are an unfortunate reality that all organizations must be aware of and prepare for. There can be roadblocks to enhancing your agency’s cyber security; however, the Cybersecurity and Infrastructure Security Agency offers helpful tips to keep your agency’s information safe. Government funding is also available to make investments in cybersecurity updates.
