2020 is certainly a year that will go down in the history books. Bushfires blazed across Australia. The United Kingdom officially withdrew from the European Union. The Olympics were postponed. The Dow saw the worst point drop since 1987. COVID-19 spread across the world, quickly becoming a global pandemic. Protests have expanded nationwide.
No part of our lives has been untouched by the events to date – and the public safety cybersecurity landscape is no exception. We’ve seen a shift in threat actors and methods in the wake of geopolitical and social changes, which we’ll discuss in today’s blog.
Ransomware Attacks Remain Top Threat
Ransomware attacks remain an urgent threat to public safety agencies. In 2019, there was a notable increase in attacks against cities and municipal authorities – nearly 350 percent over the previous year. These attacks are often more damaging than data breaches because they have the potential to completely shut down an agency’s IT operations. Even if an organization chooses to pay the ransom, attackers may choose to destroy valuable data instead of releasing it.
The public safety sector continues to be seen as “low-hanging fruit” for hostile actors as agencies often have fewer cybersecurity resources available than big businesses. With the onset of the COVID-19 pandemic, attackers shifted their focus to target medical and healthcare organizations. As a result, public safety saw a 33 percent drop in ransomware attacks in the first quarter of 2020. Unfortunately, ransomware remains a go-to weapon in hostile actors’ toolboxes. The attention from attackers has also begun to shift back to public safety agencies in recent weeks, with a corresponding uptick in ransomware incidents. By the end of 2021, ransomware is expected to attack an organization every 11 seconds, and public safety organizations will get more than their fair share.
It is critical that organizations protect themselves against the most common methods of attack: brute forcing or exploiting known vulnerabilities, use of Remote Desktop Protocol, exploiting serialization/deserialization vulnerabilities in web servers, and phishing employees and officers. Implementing timely, comprehensive risk assessment and patching strategies, utilizing multi-factor authentication and incorporating 24/7 monitoring of applications and networks can help mitigate these methods.
Hacktivism Sees a Resurgence
Following peaks in 2015 and 2016, hacktivism activity saw a 95 percent decrease in recent years. Despite this, it remains a problem in the public sector, with distributed denial-of-service (DDoS) attacks and website defacements continuing to happen.
As a result of the recent civil unrest throughout the United States, we’ve also seen a significant spike in hacktivist activities targeting police departments. In June, the “Distributed Denial of Secrets” hacktivist group published a massive leak of internal police data. Known as “BlueLeaks,” the database contains 269 GB of data from more than 200 law enforcement agencies nationwide. It is considered the largest published hack of American law enforcement agencies and has the potential to expose sensitive investigation information, including personal details on victims and law enforcement personnel.
The best defense is a proactive one. Agencies should regularly audit their monitoring systems, fortify their account security with two-factor authentication, ensure they have an incident response and remediation process in place and regularly test those processes. Beyond these more traditional steps, agencies should not be satisfied with a lack of alerts, but should presume they are compromised and hunt for the evidence of it. In the case of the BlueLeaks attack, it appears the breach happened as a result of a vulnerability at a third-party company hosting these databases, so don’t forget how important it is to consider vendor security, too.
Data Loss and Breaches Go Big
Since 2018, data breaches have gotten exponentially larger – with the amount of compromised data increasing. The first six months of 2019 alone saw more than 3,800 publicly disclosed breaches exposing more than 4 billion records. While 2020 has seen a dramatic drop in overall data breaches – down 33 percent compared to 2019 – experts indicate that one of the key drivers behind this drop may be that the market is flooded due to the massive amount of information previously stolen. The result is a decreased motivation for more breaches.
Unfortunately, one industry that has seen a sharp uptick in data breaches is the healthcare industry. The number of healthcare data breaches in early 2020 doubled, with the HIPAA Breach Reporting Tool website of the Department of Health and Human Services listing a total of 105 breaches affecting more than 2.5 million individuals.
Although the number of new data breaches may have declined, cyber crime has not slowed. Despite this growing threat, organizations are still underprepared. Data breaches highlight the reality that cybersecurity is often a people issue versus a technology issue. From falling prey to phishing attempts to unintentional negligence, employees can be a weak link in an agency’s security strategy. Ninety percent of organizations are likely to be attacked or exposed to attack through an insider. Organizations need to provide continuous training and develop policies to teach employees good cyber practices and protect their data.
Knowledge is Power
Amid the chaos and uncertainty of 2020, cybersecurity attacks surged nearly 20 percent overall – despite the 33 percent decrease in data breaches. Since the beginning of the year, 445 million cyber attacks have been detected – and we are only halfway through 2020.
As cyber attacks continue to threaten public safety agencies, it’s critical that organizations invest in a proactive, holistic, risk-based approach. In order to do so, public safety agencies must understand the threats they face from a wide range of cyber attacks.
As the leading provider of both solutions and cybersecurity services for public safety, Motorola Solutions is uniquely placed to gather and generate deep insights into cyber threats. Toward that end, we’ve developed a detailed report highlighting the current state of public safety cybersecurity. This report provides agencies with a baseline of knowledge to more effectively develop a proactive plan steeped in real-world insights.
Download and read the full report to explore insights and learn best practices on established and emerging cybersecurity threats.