Why Police Departments Need Cybersecurity: A Complete Guide
May 26, 2021
More than ever before, technology plays a critical role in law enforcement. With the adoption, we’re asking why police departments need cybersecurity?
Technology has found its place within departments. Computers, confidential databases, LPRs, body-worn cameras (just to name a few), all help to support the daily operations, reporting and essential investigations. However, there is a common oversight when using it. That oversight is not protecting the technology, devices and ultimately the data.
That’s why we created BriteStar for Public Safety. A customized security approach with three packages: Lite, Standard and Plus specifically designed for the needs of public safety.
To add context around the issue, this blog breaks down the building pressure to secure critical data, infrastructure and what your department needs to build a mature cybersecurity program to withstand today’s advanced threats.
First up, motive. What are attackers after?
There’s been an increase in cyberattacks against police departments and municipalities in general. These attacks prove that the current defenses aren’t sufficient for today’s sophisticated attackers. As shown in these examples:
-
- Albany PD: The department experienced a ransomware attack on the internal affairs computer system. The 2019 attack caused data loss that ranged from September 2017 to April 2019. Total cost: $300,000.
- Los Angeles PD: A data breach exposed the personal information of 20,000 people. Hackers accessed names, dates of birth, email addresses and passwords and partial social security numbers.
- North Miami Beach PD: Another ransomware attack encrypted files on police computers. Attackers demanded $5 million in ransom to recover the information.
What are the attackers after exactly? The typical answer is money, but in today’s politically charged environment, they are also looking to disrupt the operations of a target department.
Personally identifiable information (PII) is a lucrative asset. Think identity theft. This data includes names, birthdays, social security numbers, addresses, payment information, etc. For law enforcement, data and systems also include access to DMV and criminal information, more motivation!
Applications that support major operations can be also held hostage by ransomware attacks, such as with North Miami Beach PD referenced above. In this case, operational disruption was the goal, and it was achieved.
Attacks are motivated in different ways, but their success is our failure.
Plan of attack: Why departments need cybersecurity
Bad actors are very creative when finding an entry point in. If there is a vulnerability, they will typically find it. Every device and piece of technology creates an entry point. Luckily, there are steps to take to prevent, detect and respond to an attack.
Protection against attacks
Locking down those entry points is surprisingly straightforward with the right foundation. And with years of experience, our BriteStar team has identified five categories for a defense-in-depth approach.
Proactive maintenance: The first step in any planned crime is reconnaissance. In cybersecurity, that takes the role of tasks such as scanning external IP addresses or searching social media to find an easy way in.
Proactive maintenance such as keeping devices, configurations and software up-to-date with continuous management and patching are all necessary actions. It is like locking your doors and windows.
Security tools: Once the doors and windows are locked, we still need additional defenses in place, defense in depth. With so many options, it feels like a game of “whack-a-mole”. But it is important to evaluate the solutions based on the department’s infrastructure, size and access to information.
In today’s market, most enterprise technologies scale down for small and medium-size environments. Start by asking the following questions:
- For the areas of the perimeter, endpoint, web, email and cloud, when was the last time you upgraded the technology?
- How often are you proactively managing it?
- And will it withstand the sophistication of today’s attacks?
User education: We were taught at an early age, don’t take candy from strangers or get into an unknown car. The same goes for cybersecurity. If it looks suspicious it probably is. The phrase “users are our last line of defense” is true because they possess the cognitive ability to analyze the situation and make an educated decision. That is why it is very important to educate users through a User Awareness Program. This will help them identify and report suspicious activity.
Monitoring and management: Cybercrime does not keep business hours and once an attacker has infiltrated the environment, they can move laterally and very often become invisible. That is why 24/7 monitoring and management of effective security tools is critical.
These tools can generate alerts of anomalous or activity that will indicate a breach. Swift action can stop the attack all together, reduce the effect, or greatly speed up the recovery time.
Disaster Recovery: We often say it is not a matter of if, but when a cyber incident will occur. Even if you do follow all of these previous recommendations, there is still a chance that you will fall victim. As a result, a reliable backup solution will make it easy to recover and limit the operational impact.
Those five areas provide comprehensive coverage and protection against cyberattacks. If you are unsure where to start, we can help run a free assessment of your environment and provide a comprehensive roadmap to security maturing. At the end of the day, simply getting the technology running is important, but with limited resources, continuous management can be a challenge.
Posted in Captain's Corner (Legacy), Featured Resources, Public Safety