Carl Mazzanti, eMazzanti Technologies
Public safety authorities have been grappling with a surge in criminal activity while contending with limited resources. Now, they are confronting an additional challenge: sophisticated ransomware attacks.
These malicious schemes initiate when hackers infiltrate and seize control of an agency’s computer system. Subsequently, they threaten to either permanently block access to files or expose sensitive data unless a ransom is paid. The frequency of ransomware attacks has been steadily rising. However, agencies which team up with qualified external IT support can lower the risk of falling prey to such attacks.
A Prime Target for Hackers
As per publicly available reports, thousands of attacks are registered each week. Among these, a significant number are specifically targeted at law enforcement agencies and public safety answering points. In the first half of 2023 alone, notable breaches included an incident involving a county police department. Here, an employee apparently opened a personal E-mail on an official device, inadvertently introducing malware which paralyzed criminal investigative files and disrupted routine administrative functions. Other incidents featured a massive ransomware assault on a city hall, resulting in the exposure of internal police department files, including sensitive information such as social security numbers, police assignments and legal settlements.
Hence, it’s unsurprising that surveys indicate only about 20% of law enforcement professionals express “extreme confidence” in their departments’ cybersecurity measures. This sentiment is reinforced by the fact that fewer than a third of agencies have a Cyber Incident Response Plan in place, despite the potential of ransomware to compromise critical information and disrupt vital public services.
David Kondrup, President of All Business Management, LLC, and an IACP Life Member with a rich law enforcement background, underscores the gravity of the situation. When vital services are disrupted due to hacking, citizens are left without essential resources, causing disorder. He points out that the primary mission of the police is to prevent crime and disorder, but ransomware creates a sense of chaos when it incapacitates crucial services.
Beyond the risks to citizens’ safety and financial stability, the reputation of the jurisdiction is also at stake. City, county and municipal functions are compromised – computer aided dispatch, predictive policing, fingerprinting, and communication between resources are all hindered. Recovery becomes a prolonged and expensive endeavor, with taxpayers ultimately bearing the costs.
Taking a Proactive Stance
With regards to ransomware and cyberattacks, Kondrup advocates for a proactive approach, emphasizing prediction, detection and prevention rather than a reactive mindset. Responding to ransomware incidents is inadequate, as the damage is already done. Prevention is crucial for upholding public trust and approval in law enforcement agencies and governments.
Combatting ransomware requires a systematic, consistent approach which is continuously reviewed and updated. Creating a strong defense against digital threats involves multiple layers of action. It necessitates agencywide commitment, ongoing efforts and 24/7 management. For instance, solely relying on antivirus software for digital endpoint protection is insufficient.
A robust plan encompasses multifactor authentication, thorough file backup solutions, incident response planning, stringent password policies, secure domain name system practices, cyber hygiene, and security awareness. Ransomware attacks often start with reconnaissance, leading to malware delivery, encryption and data blocking or public exposure. Even highly sophisticated threat actors leave traces which can signal an impending or ongoing attack. Hence, ongoing Security Incident Event Monitoring (SIEM) and a round-the-clock Security Operations Center (SOC) play pivotal roles in defense.
SIEM acts as a cybersecurity layer which gathers and tracks data, signaling potential threats for faster detection and response. Coupled with a well structured SOC, it ensures real-time automated monitoring alongside expert human analysis. Trained security engineers evaluate alerts, provide incident response guidance, and take proactive steps for threat mitigation. An effective SOC offers managed detection and response, safeguarding against ransomware and other threats.
Reducing Vulnerabilities
To shrink the attack surface, law enforcement agencies must proactively identify and address security-related issues. This includes comprehensive cyber risk assessments; robust endpoint security protection; strict password policies; timely software patch updates; and automated tasks such as backups, E-mail filtering and threat detection/response. Geo-blocking access to Web sites can also thwart nation-state hackers from infiltrating agency systems.
Security awareness training is a crucial aspect of a well-rounded cybersecurity program. By engaging employees with simulated attacks and behavior altering assignments, agencies can reduce risky IT practices which lead to security breaches. Furthermore, agencies may conduct penetration tests to simulate cyberattacks, identifying system weaknesses just as hackers would.
A holistic approach accounts for the human factor, delivering actionable training and tracking progress. Effective security awareness training minimizes employee behavior which poses security risks. By adhering to agency policies and best practices, personnel are better equipped to identify potential malware behaviors and report security threats.
The value of law enforcement agency data is on the rise, paralleled by the proliferation of ransomware and threats. By adopting sound security practices, learning initiatives and other protective measures, agencies can diminish their appeal to hackers and reduce the likelihood of falling victim to digital criminals.
Carl Mazzanti is President of eMazzanti Technologies in Hoboken, NJ, which provides IT consulting services for businesses ranging from home offices to multinational corporations, municipalities and police departments.
Web Site Provides Cybersecurity Resources from Across the Federal Government
In 2021, the US Department of Justice (DOJ) and the US Department of Homeland Security (DHS) launched StopRansomware.gov, a collaborative Web site designed to combat ransomware threats. This central hub consolidates resources from various federal agencies, providing guidance, alerts and updates to individuals, businesses and organizations. Previously, finding essential information required navigating multiple sites, leading to potential information gaps. StopRansomware.gov mitigates this issue by offering a unified platform which includes reporting instructions, alerts and insights from all participating agencies, such as CISA, FBI and NIST.
Ransomware, a growing national security concern, demands cooperation among government, private sector and communities. The site also fosters collaboration and raises awareness. In 2020, over $350 million in ransom was paid, marking a 300% increase from the previous year. To counter this, StopRansomware.gov helps to bolster network protection, aiding both simple steps and advanced IT measures. The site encourages individuals and organizations to enhance their cybersecurity by visiting StopRansomware.gov