By Rick Simonds
Public safety agencies continue to be hit hard by ransomware attacks. News of police departments unable to access critical information, having their 911 centers temporarily knocked offline, or facing sensitive information being released to the public has become all too common.
There is no simple solution. Cybersecurity spending continues to rise, but cybercrime isn’t slowing down. While there’s no shortage of new technologies to invest in, the reality is that there’s no silver bullet solution to protect your department from a cyberattack.
Since it’s impossible to prevent a cyberattack, a more realistic destination is cyber resiliency – the ability to prepare for and adapt to changing conditions so you can withstand and recover rapidly from disruptions. This can be achieved by implementing a holistic and mature cybersecurity program throughout your agency.
But developing a mature cybersecurity program takes time and can be overwhelming. Organizations just getting started can be unsure of where to begin. We are often asked, “How much do we need to spend, and how do we measure the return on investments we make in cybersecurity?”
The current threat environment will influence your investment strategy. Ransomware as a service (RaaS) is a thriving global services economy that has changed the game for criminals around the world. RaaS providers aren’t just operating on the dark web – a good number sell services on commercial websites. Many model themselves after commercial IT services providers, working with resellers, offering tiered pricing and providing help desk support. Little technological expertise is needed to become a successful cybercriminal.
The good news is that most of these attacks are not targeted; they are automated and opportunistic. Attackers want to get the most money for the least effort. For this reason, focus your cybersecurity investment on initiatives that create more effort for the attacker. At a minimum, every program should contain the following three items:
- Patch critical vulnerabilities.
- Remove administrative privileges.
- Require strong passwords with multi-factor authentication.
Once these controls are in place, continue to maximize your cybersecurity ROI by following this roadmap.
1. Find active threats
Left unchecked, network infections can propagate across infrastructure environments, and questionable network activity only increases the likelihood that an organization will eventually be victimized by a breach or compromise.
Automated threat detection is not enough. Organizations must proactively hunt for threats on their network daily. A managed threat detection service that employs security analysts to identify and confirm threats 24x7 can allow you to cost-effectively leverage all the cybersecurity advantages that an in-house threat hunting team delivers.
Investing in a managed threat detection service provides tangible results almost immediately with little disruption to your business processes. You will pinpoint suspicious activities putting you at risk and receive guidance on how to mitigate those risks.
2. Develop an action plan
It’s important to understand your current state so you can prioritize your path forward. A great tool to help evaluate your organization’s cybersecurity readiness is the Cybersecurity Framework issued by the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST). The Framework enables organizations – regardless of size, degree of cybersecurity risk, or cybersecurity sophistication – to apply the principles and best practices of risk management to improve security and business resilience.
Gaps in your program are identified by analyzing the current state of your control environment against the Framework’s objectives. Then an action plan can be developed to move your organization forward realistically and cost-effectively on a path to cybersecurity maturity, while maintaining a balance of productivity and operational effectiveness.
3. Build a foundation
Initial investments should be for foundational elements that can mature over time. We recommend taking a risk-based approach to determine a strategic plan as it relates to investment in cybersecurity. You need to balance risk against rewards and manage cybersecurity risk in a way that is consistent with your department’s objectives.
Foundational elements of a robust cybersecurity program include:
- An Incident Response Plan that provides a well-defined, consistent and organized approach for handling incidents and ensuring cyber resiliency. Periodically practice your plan using tabletop exercises to ensure you are prepared when a real event occurs.
- End-user security awareness training for your employees. Build a workforce that understands the fundamentals of cybersecurity, so that they can make everyday choices to promote it and defend your information assets.
- An effective cybersecurity review program for your third-party service providers.
- A process to identify system and device-specific vulnerabilities through vulnerability scanning and penetration testing.
4. Track your success
Metrics are used to track success throughout many facets of business, and cybersecurity is no exception. When you understand what’s working and what’s not, you can make better business choices around what you invest in.
A multitude of data points in your cybersecurity program can be leveraged to help guide, inform and improve your security program. Choose what makes sense for your business and get started.
About the author
Rick has over 25 years of business, information technology and cybersecurity experience, and has earned multiple certifications. He began his career at Tyler Cybersecurity (formerly Sage Data Security) in 2003 as an Information Security Architect where he worked with clients providing a full range of services from technical testing to Board of Director briefings. In 2008 he was promoted to Chief Technology Officer, a position he held until 2015 when he took over managing the day-to-day operations. Tyler Cybersecurity became part of the Tyler Technologies family in 2018 and offers a range of cybersecurity solutions, including advisory services, assurance testing and managed threat detection to the public sector.