When It Comes to Cybersecurity, Prevention Should Be the Goal

Recently a colleague asked me to identify some of the scariest cybersecurity trends we’re seeing in the public safety and justice sectors — and one immediately sprang to mind.

Cybersecurity is at the forefront, finally

Organizations in these sectors finally are starting to understand the severity of the cybersecurity problem. It’s taken a while — far too long, in fact. For a very long time, they seemed to believe that cyberattackers only would target the private sector for their ransomware attacks because that’s where the deep pockets exist, capable of paying hefty ransoms to decrypt their files. But over the last couple of years, it has become clear that public-sector organizations also are in the crosshairs. So, they are starting to take strong, proactive steps to detect and mitigate cyberattacks.

That’s the good news. But what about the rest of it? The reader might wonder, “what does he mean, the rest?” That’s the scary part.

There’s plenty more that public safety and justice organizations can and should be doing regarding cybersecurity— anecdotal evidence indicates that they’re still largely not doing it. This is a very big and potentially very dangerous problem. An old adage says, “an ounce of prevention is worth a pound of cure,” and it certainly can be applied to cybersecurity.

Think strong detection and migration is enough? Think again.

Specifically, public safety and justice organizations seem to think that strong detection and mitigation is enough — and they’re wrong. This is analogous to closing the barn doors after the horse has left. If your organization suffers a cyberattack, it already has lost the battle — detection and mitigation, while necessary, are about limiting the damage. Preventing it from occurring in the first place is a much better approach.

So, what should organizations be doing?

In a blog posted to the MCP website a couple of weeks ago, I made the case for a strong vulnerability-management program. (Click here to read it.) At the heart of such programs are penetration testing and vulnerability scans — if you don’t identify vulnerabilities, you cannot eliminate them. Penetration tests simulate how a cyberattacker might gain access to the network environment and what will happen to systems and devices afterward. Such tests are done manually and should be conducted at least quarterly or annually. In contrast, vulnerability scans are automated processes that do a deeper dive into the identified vulnerabilities to better understand why they exist — such understanding is the key to eliminating each vulnerability.

Cybersecurity is a journey

Other effective prevention tactics include password/passphrase management, endpoint protection, robust firewalls, virtual private networks, and multifactor authentication. There’s also a lot of value in embracing the tenets of the National Institute of Technology and Information (NIST)’s cybersecurity framework.

However, the most impactful thing that public safety and justice organizations can do is realize that time is of the essence. Cyberattackers are motivated, highly intelligent, and persistent, evolving seemingly at warp speed. Hence, there is no time to waste in terms of establishing a prevention program.

The second most impactful thing they can do is realize that they likely need more in-house cybersecurity resources to stand up such a program. MCP does, and we are eager to support you in this effort — please reach out. Cyberattackers are like burglars in that they tend to look for networks and systems that are easy to breach. They’ll likely move on to the next target if yours isn't. Let us help you accomplish that.

Jason Franks is an MCP cybersecurity analyst. Email him at JasonFranks@MissionCriticalPartners.com.