Public safety agencies have never been more at risk of falling victim to a cyber attack, with nearly a 300 percent surge in cyber attacks in 2020. A cybersecurity tactic known as pentesting, or penetration testing, can help prevent those attacks though, as cybersecurity experts from Motorola Solutions explained on a recent live webinar.
“Pentesting: Your Network through the Eyes of an Attacker,” featured cybersecurity experts Paul Hill, Mike Warren and Ryan Clancy and was part of Motorola Solutions 2021 webinar series on Cybersecurity for Mission-Critical Technology. The presenters explained what happens when an attacker tries to access a network, and what steps public safety agencies can take to mitigate cyber attacks, including pentesting.
“A cyber attack can impact the confidentiality, integrity and availability of mission-critical communications,” Hill explained. Penetration testing, or pentesting, “is a great first step to understanding what vulnerabilities you have in your network.”
Pentesting is authorized hacking with a purpose, according to Warren. “Authorized because you gave us permission to do the testing — hacking because we’re going to go through your system to look for vulnerabilities, and attempt to exploit them to gain access to what you’ve identified as your critical information.”
More public safety networks, including 9-1-1, hospitals and police departments are being targeted by cyber attacks because those networks need availability the most and “typically pay up the fastest,” Hill said.
In 2020, victims of ransomware attacks paid an estimated $350 million to cyber criminals. One of the most recent examples was the Metropolitan Police Department in Washington, DC, which fell victim to a ransomware attack in which criminals demanded millions of dollars not to publish hundreds of stolen files after publishing extensive profiles of 22 officers.
“You’ve got to think about the people,” Hill said. Cyber attacks like the SolarWinds cyber attack in 2020, are caused by “real humans, with real motivations. If you can stop the humans doing what they’re doing, then a lot of times, you can stop the bad thing from happening.”
That’s why getting inside the mind of a cyber criminal is so important. On the webinar, Warren and Clancy played the parts of attacker and defender and talked through a data compromise scenario. In the course of the exercise, the two experts discussed the various ways your own personnel can be exploited as an attack vector via social engineering, and recounted past experiences with ransomware attacks at police stations and hospitals with devastating effects.
Interested in learning actionable steps you can take to make sure this doesn’t happen to you or your agency? Listen to our on-demand webinar to find out more.