It has become clear that organizations across virtually every sector of the economy are becoming the targets of cyber attacks—and there has been an increasing number of public sector cyber attacks.

Recently, the Washington, DC, Metropolitan Police Department fell victim to serious cyber attacks, which compromised and shared sensitive information. Hundreds of discipline files and intelligence reports were leaked onto the dark web, and according to experts, it is the worst known ransomware attack ever to hit a U.S. police department. This worrying development in cyber attack trends should concern all public institutions and reinforce the importance of a solid cybersecurity infrastructure. As long as personal information is stored online or on a server, public safety is at high risk.

In a recent industry report, a series of digital trackers stationed across the globe logged more than 5.3 trillion—yes, “trillion”—cyber attacks worldwide in 2021. That’s 14.5 billion attacks per day, 168,000 per second. It’s also 67 cyber attacks for every man, woman, and child on Earth.

The Identity Theft Resource Center recently announced that 17 percent more publicly reported data compromises occurred from January 2021 through September 2021 than in all of 2020. That means that cybersecurity threats are increasing—dramatically. And yet, the United States Cybersecurity & Infrastructure Security Agency (CISA) reported that 20 percent of the top routinely exploited cybersecurity vulnerabilities for 2021 were on 2020’s list as well, meaning significant threats are going unaddressed.

Effective cybersecurity today must be treated as a shared responsibility that demands teamwork and an unwavering commitment to internal and external collaboration. Threat actors are targeting organizations and entire industries with increasingly effective cyber attacks. Cybersecurity failure has become a leading threat, according to the World Economic Forum’s Global Risk Report 2022. Businesses agree: 70 percent of board directors view cybersecurity as a strategic enterprise risk, according to a survey conducted by the National Association of Corporate Directors (NACD).

Improving Internal Cyber Infrastructure

Effective cybersecurity comes from the top. Senior leaders should champion a cybersecurity culture that fosters collaboration across the organization. Agencies should schedule training so their teams can become more cyber-savvy. Staff may even be unaware that “how we always do things” puts the department at risk. Using business language to frame discussions of cyber threats also allows for plans to be created for effective collaboration. Performance measures for cybersecurity should be aligned throughout the organization along with ways for employees to monitor themselves. New digital tools are available to help improve security and remain compliant with federal regulations as more cybersecurity organizations work closely with compliance organizations to develop more mature and reliable cybersecurity programs.

A report by the World Economic Forum, PwC, the NACD, and the Internet Security Alliance (ISA) details six principles that can support board directors in governing cyber risks:

  • Recognize that cybersecurity is a strategic business enabler.
  • Understand the economic drivers and impact of cyber risk.
  • Align cyber risk management with business needs.
  • Ensure organizational design supports cybersecurity.
  • Incorporate cybersecurity expertise into board governance.
  • Encourage systemic resilience and collaboration.

Introducing new technology into law enforcement agencies offers the opportunity to rebuild trust with the public, but only if this implementation is done transparently and openly.

It can help to build robust relationships with local, national, and global government and law enforcement agencies to promote intelligence sharing. In addition, law enforcement organizations can build ties with nonprofit cybersecurity organizations such as Information Sharing and Analysis Centers (ISACs), some of which offer 24/7 threat warnings, incident reporting capabilities, and networking opportunities.

The nature of law enforcement has changed substantially with the advent of digital technology. Public safety agencies must now ingest a lot of data at once, including video, text, pictures, and audio. All of these data must be integrated by a flexible IT platform that offers a user-friendly workflow while complying with a range of state and federal standards.

Cyber Attack Mitigation Recommendations

If a cyber attack is suspected to be underway, an organization should initiate strategic incident response procedures to maximize its chances of protecting crucial GDA and isolate the cyber threat before the attackers can cover their tracks. Cybersecurity authorities from five nations, including the United States’ Cybersecurity and Infrastructure Security Agency (CISA), collaboratively developed a list of best management practices to collectively uncover and mitigate a cyber attack.

Do

Step 1: Collect and remove relevant artifacts, logs, and data for further analysis. Indicators of compromise (IOCs) might be excessive .zip files, suspect names, or activity logs with extreme records of login failures. Make copies of these records for further analysis in the hopes that they may contain breadcrumbs that lead to the attacker.

Step 2: Take mitigation steps to protect the organization’s assets but don’t tip off the adversaries that they have been discovered. After the responder has collected the digital fingerprints of the incident, consider restricting or discontinuing FTP or VPN services. Disable and remove any end-of-life (EOL) GDA. Block bad web domains and sanitize removable media.

Step 3: Solicit incident response support from an outside IT security specialist. A compromised GDA is a serious matter that should not be handled like other IT issues. Bring on subject matter experts to analyze the collected IOCs, ensure that the bad actor has been eradicated from the organization’s assets, and effectively assess and adjust the implemented security controls and (as necessary) risk management framework to avoid follow-up attacks. It is also critical to report cyber incidents to CISA.
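The evidence handling in Step 1, shown as an added example that is not part of the original article or of CISA's guidance: copy a log into an evidence folder with a recorded SHA-256 hash, then flag sources with excessive login failures. The OpenSSH-style log lines, the file names, and the threshold of five failures are assumptions made for illustration.

```python
import hashlib
import re
import shutil
from collections import Counter
from pathlib import Path

# Constructed sample in OpenSSH syslog style (documentation IP ranges), not real incident data.
SAMPLE_LOG = "".join(
    f"Mar  3 02:14:{s:02d} host1 sshd[811]: Failed password for admin "
    f"from 203.0.113.7 port {50100 + s} ssh2\n" for s in range(6)
) + (
    "Mar  3 02:20:11 host1 sshd[840]: Failed password for invalid user alice "
    "from 198.51.100.4 port 40022 ssh2\n"
    "Mar  3 02:21:45 host1 sshd[851]: Accepted password for bob "
    "from 198.51.100.9 port 40100 ssh2\n"
)
FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port")

def preserve(src: Path, evidence_dir: Path) -> str:
    """Copy src into evidence_dir, verify the copy, and log its SHA-256."""
    evidence_dir.mkdir(parents=True, exist_ok=True)
    dst = evidence_dir / src.name
    shutil.copy2(src, dst)  # copy2 keeps the original timestamps
    digest = hashlib.sha256(dst.read_bytes()).hexdigest()
    if digest != hashlib.sha256(src.read_bytes()).hexdigest():
        raise IOError(f"copy of {src} does not match the original")
    # Hypothetical manifest name; analysts re-hash the copy against it later.
    with open(evidence_dir / "MANIFEST.sha256", "a") as manifest:
        manifest.write(f"{digest}  {dst.name}\n")
    return digest

def failed_logins(text: str) -> Counter:
    """Count failed logins per (user, source IP)."""
    counts = Counter()
    for line in text.splitlines():
        match = FAILED.search(line)
        if match:
            counts[(match.group(1), match.group(2))] += 1
    return counts

def flag_excessive(counts: Counter, threshold: int = 5) -> list:
    """Return (user, source IP) pairs at or above the assumed threshold."""
    return sorted(pair for pair, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        log = Path(tmp) / "auth.log"
        log.write_bytes(SAMPLE_LOG.encode())
        print(preserve(log, Path(tmp) / "evidence"))
    print(flag_excessive(failed_logins(SAMPLE_LOG)))
```
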

Do Not

  • Try to block the adversaries or reset the credentials they are using before all evidence of their activities has been collected.
  • Explore the adversary’s infrastructure.
  • Communicate about the incident over the same network as the incident itself.

Failure to follow this guidance could lead to the adversary escaping to attack again or spur retaliatory counterattacks.

The creation and fulfillment of effective security programs allow for employees at multiple levels to embed the desire to protect their assets early on before an attack occurs. From the internal workings of a public organization, one of the first ways to begin security initiatives is to understand the goals of both IT teams and police leaders so that key departments stay connected and in constant communication. There must be clear security goals within both, and the plan of implementation should be enforced by top leadership.

This can be achieved through regular training sessions prioritizing cyber awareness and promoting new ways for employees to help prevent, detect, and address digital threats. The training of all employees, privileged users, administrators, and executives may vary depending on access privileges. Personalization and larger-scale training within the organization ensure that employees at all levels are exposed to new protocols.

This focus on building foundational security measures takes the power away from cybercriminals who are accustomed to the manipulation of many for their own potential gain and gives it back to public organizations. Technology is the foundation of cybersecurity, yet it can function at its height only if the members of an organization tap into their own potential of human intelligence and awareness. Empowerment via tools to assess potential risks to data allows for employees to grow as professionals and protect the operational functions of their organization.
