Industry executives and experts share their predictions for 2025. Read them in this 17th annual VMblog.com series exclusive. By
Lawrence F. Zorio III, Chief Information Security Officer, Mark43
Cyberattacks
on public safety agencies aren't just a risk - they're a reality. With critical
systems like 911 dispatch and highly sensitive law enforcement records at
stake, cybersecurity is no longer a nice to have, it's an urgent priority. In
2025, public safety agencies will work to strengthen their defenses, modernize
their systems and stay ahead of evolving threats.
Cybersecurity
advancements align with broader public safety trends: improved
interoperability, enhanced customer experience and renewed focus on open data.
I recently discussed these priorities with industry leaders at the Dec. 2024 White House meeting
on Modernizing Law Enforcement Data Collection, Use, and Transparency.
The message
is clear: 2025 is the year public safety agencies take cybersecurity to the
next level. Let's dig in.
Cyberattacks on public safety agencies will
increase.
In 2025, I
expect to see an increase in attacks on public safety agencies. In the new
Mark43 2025 U.S. Public Safety Trends
Report, based
on a national online survey of public
safety professionals,
84% of law enforcement professionals acknowledge that their organization
experienced a cybersecurity issue in the last year. Rising costs will accompany
the ever-increasing number of cyberattacks; according to research firm
Cybersecurity Ventures,
the global costs of cybercrime will grow from $9.5 trillion in 2024 to $10.5
trillion in 2025.
Public safety agencies will focus more on
cybersecurity and risk strategy.
To improve
cybersecurity in 2025, public safety agencies will adopt a continuous
evaluation strategy. The first step? Identifying their most valuable digital
assets - like computer-aided dispatch (CAD) systems, which handle 911 calls and
dispatch management, and records management systems (RMS), which house highly
sensitive information like arrest and case data.
From there,
public safety agencies will develop risk strategies by modeling various
cyberattack scenarios, prioritizing investments in secure, resilient technology
and ultimately saving time, money and resources.
Public safety agencies will increasingly use
cloud-native systems for resilience and mobility.
More and
more, legacy systems are seen as a liability. The 2025 Public Safety Trends Report
survey revealed
that "a near-total majority (89%) of law enforcement professionals worry about
their legacy systems' ability to handle major events like natural disasters,
cyberattacks or large-scale incidents."
The reality
is simple: Data connected to the web can't be protected by in-house systems
alone. In 2025, public safety agencies will accelerate their adoption of
cloud-native systems to benefit from robust security controls provided by cloud
vendors - controls far beyond what most agencies can maintain on premises.
Cloud-native
systems also deliver essential mobility and resilience. Whether facing a power
outage or natural disaster, these systems ensure public safety professionals
can operate seamlessly from anywhere. Cloud-native technology also brings cost
savings, eliminating the need for costly data centers and reducing the burden
on IT teams.
Multifactor authentication (MFA) adoption will
increase.
As part of
their initiatives to improve their cybersecurity posture, public safety
agencies will increasingly implement multifactor authentication (MFA) - the
number-one cybersecurity control for its low cost and high value. Identity
providers like Microsoft, Google or Okta already include MFA, making it an easy
win for agencies looking to strengthen their defenses.
Public safety agencies will adopt security
frameworks.
In 2025,
public safety agencies will formalize their cybersecurity efforts by adopting
recognized cybersecurity frameworks like the NIST Cybersecurity Framework (CSF). Tactical measures will include vulnerability
management, regular backups, monitoring, audit functions and incident response
tabletop exercises to ensure memory for seamless mitigation in the event of an
attack or a breach.
Compliance
with the security policy requirements of the FBI's Criminal Justice Information Services (CJIS) division will also influence public safety
agencies' cybersecurity and risk management policies in 2025. Agencies must
comply with stringent security requirements - like MFA, encryption and password
management - to access CJIS data.
Public safety
agencies will also implement other cybersecurity frameworks, like the Center for Internet Security (CIS)
Critical Security Controls and the NIST Special Publication (SP)
800-53 Security and
Privacy Controls for Information Systems and Organizations, both of which align
to the CJIS security policy requirements while offering scalable solutions.
Funding for cybersecurity initiatives will
increase.
Cities and
states are recognizing that funding for cybersecurity is no longer optional -
it's essential. I predict we'll see increased funding and grants for public
safety agencies to strengthen their defenses and modernize their systems. These
investments will do more than just protect data - it will enhance community
safety by ensuring first responders have access to their systems when their
residents need them most.
Public safety agencies will require vendors to
have StateRAMP and FedRAMP authorizations.
Public safety
agencies have competing priorities, and vendor searches are arduous and time
consuming. In 2025, I expect more and more agencies to require StateRAMP,
the State Risk and Authorization Management Program,
and FedRAMP, the Federal Risk
and Authorization Management Program authorizations. These cybersecurity
programs give a prestigious stamp of approval to cloud product vendors that
maintain the highest levels of cybersecurity controls. I also expect more
vendors to pursue these authorizations to remain competitive - but rest
assured, they are difficult to achieve, underscoring their value.
2025 will be
the year we'll see more advancements than ever before to meet the rising
cybersecurity challenges head-on. From cloud adoption to MFA, risk strategies
and formalized frameworks, as public safety agencies embrace these
advancements, they will become more and more resilient. The result? Better
security, great efficiency and improved safety for everyone.
##