Can your cell phone be used to steal your email password or fingerprint data? Can hackers access personal information from your heart rate monitor, fitness tracker or smartwatch? What may have once sounded like science fiction is rapidly becoming reality.
We now live in an era of connectivity – with digitally connected devices permeating every aspect of our lives. In fact, as soon as 2020, the number of connected devices will reach more than 21 billion. This level of interconnectedness is enabling people and businesses to do things never before imagined – from home automation to environmental monitoring.
Today’s increasingly connected world is also introducing more attack vectors and more possibilities for cyber crime. Unfortunately, some of the most commonly used interconnected devices contain vulnerabilities. At a recent DEF CON, 47 vulnerabilities affecting 23 connected items – including webcams, door locks, thermostats and baby monitors – were disclosed. With these vulnerabilities, cyber criminals now have more entry points and can move laterally across networks. As a result, cyber attacks can have far more extensive effects than ever before. Despite this information, 80 percent of organizations do not routinely test their IoT apps for security vulnerabilities.
Developing resilience to withstand cyber attacks is critical to future success. Safeguarding software and connected devices – and making it as difficult as possible for exploitation – will help to improve overall organization system security.
Organizations must be proactive and operate in a state of readiness. Embracing a holistic, risk-based strategy enables organizations to manage their risk awareness, security, detection, response and recovery. By focusing on mitigation options, continuous monitoring, diagnosis and remediation, companies are better able to protect themselves and proactively confront potential situations before they become an acute threat.
Read the full Motorola Solutions White Paper here to learn more about the emergence of new attack vectors and how a holistic strategy can help defend against emerging cyber threats.
Troy Mattern is Vice President of Cybersecurity Products and Services at Motorola Solutions.
October is officially National Cybersecurity Awareness Month. In light of headline grabbing cyber attacks around the globe, governments and businesses are becoming increasingly concerned about their cybersecurity – and with good reason. Cybersecurity Awareness Month provides the opportunity to cut through the typical fear, uncertainty and doubt (FUD) surrounding cybersecurity and focus on understanding the risks.
At Motorola Solutions, we are working to ensure both our customers and employees fully understand the reality of today’s evolving cybersecurity landscape and generate awareness of both the risks and potential solutions:
Beyond Cybersecurity Awareness Month, Motorola Solutions is committed to growing awareness and enthusiasm around cybersecurity. In today’s increasingly complex digital environment, it’s no longer a matter of if but when an organization will experience a cyber attack. Moving past the FUD and increasing understanding is critical to being prepared.
Troy Mattern is Vice President of Cybersecurity Products and Services at Motorola Solutions.
Cyber crime is on the rise. Recent reports highlight an increase in the number of U.S. data breaches by nearly 45 percent. As reports of cyber attacks continue to make headlines, organizations are increasingly looking at ways to protect themselves. The result is an increased investment in cybersecurity tools and programs. By the year 2021, it is estimated that global spending on cybersecurity products and services will reach a cumulative $1 trillion.
Despite these increased investments, security capabilities have been unable to deliver the desired efficiency and effectiveness. Currently, businesses are investing in a wide variety of cybersecurity tools, including advanced perimeter controls, encryption, automated policy management and threat intelligence systems.
However, spending on cyber tools alone does not ensure security. A truly effective cybersecurity program evaluates risk and then integrates the right technology with people and processes. Understanding your organizational risk is critical to making smart decisions regarding cybersecurity tools and technologies. The most important thing any decision maker does is determine how to allocate their resources towards the success of their organization’s mission. So, how do you know if you are doing that?
Currently, a study by the Ponemon Institute highlights a potential disconnect in organizational spend on cybersecurity technology with actual return on investment (ROI). Many organizations are investing heavily in a few targeted technologies – including compliance and automated policy management – overlooking the need for a more balanced portfolio of technologies.
While these technologies do play a critical role in cybersecurity, they should be augmented with security systems that include risk monitoring, patching and innovations like cyber analytics and machine learning. These technologies have shown a high return on investment with the breakthrough areas of cyber analytics, user behavior analytics, automation and machine learning ranking in the top four cost-saving security technologies. Organizations should also work to ensure they take full advantage of their solution capability – employing, maintaining and operating it properly to achieve success.
As the cyber threat landscape continues to evolve, investments in cybersecurity need to be closely monitored and adjusted to ensure organizational spend is being allocated appropriately. Organizations need to build an ecosystem that encompasses a diverse portfolio of cyber tools that can be integrated to work together. By balancing a strong foundation of “basics” – such as security intelligence, patching and advanced access management – with innovations like analytics and machine learning, organizations can improve the effectiveness of their security programs.
But technology alone doesn’t ensure security. Organizations need a culture of good security processes and a team of well-trained professionals to drive their cybersecurity efforts. A security team can help guide practices, prioritize activities, respond to threats and inspect potential risks. However, security must live throughout an organization – with processes that safeguard critical communications and proactively monitor for risk. This includes looking at existing vulnerabilities, fixing them, assessing risk and developing a response and recovery plan.
Cybersecurity doesn’t happen by chance. It requires a focus on implementing the right technologies, engaging with knowledgeable people and implementing effective processes. Read the full Motorola Solutions White Paper here for insights into how implementing a holistic, risk based approach can help your organization address the growing cybersecurity challenge.
Troy Mattern is Vice President of Cybersecurity Products and Services at Motorola Solutions.
If your organization has ever wondered whether it is making measurable progress in combating cyber crime, you’re not alone.
The emergence of new technologies have lowered the bar for modern cybercriminals, expanding the cyber crime landscape beyond a limited group of skilled individuals. This widening pool of cybercriminals is creating new vulnerabilities and new threats on an almost daily basis. Amid this evolving reality, it can be difficult to keep up.
According to the seventh annual Allianz Risk Barometer Survey, cyber risk is now one of the top two global business risks. And there are a number of specific attack avenues organizations are increasingly concerned about:
Malware: Fake download links and phony email attachments – we’ve all seen them. When successful, these malware attacks enable criminals to take control of your machine, monitor actions and keystrokes, and send confidential data from your computer and network. Despite our knowledge of these sorts of attacks, nearly 100 percent of companies report having experienced some form of Malware crime. A recent malware attack on Allentown, Pennsylvania struck the city’s most critical systems – including surveillance camera networks – costing nearly $1 million and forcing the shutdown of some public safety operations.
Web-Based Attacks: Much like malware, the majority of organizations have experienced a web-based attack. Unfortunately, these types of crimes can cost companies 100 times more than malware annually. In fact, one recent event saw hackers steal 45 million records, costing the affected organization nearly $260 million.
Botnets: Blending the words “robot” and “network,” botnets are a network of “bots” that criminals can remotely manage to deploy malware, initiate attacks on websites and steal personal information. These attacks can infect a multitude of devices – devastating an organization. In fact, the recent Mirai botnet saw the shut down of major areas of the internet, including Twitter, Netflix and CNN, as well as the entire country of Liberia.
Lost and Stolen Devices: We do everything on our mobile devices and laptops – send emails and text messages, conduct banking, store personal and corporate information and more! With this wealth of information available, it’s no wonder that nearly 54 percent of the major data breaches tracked by federal regulators since 2009 have been the result of lost or stolen devices.
Denial of Service (DoS): Have you ever tried to access a website and failed? Ever tried to reach a number and got a busy signal? The website or phone line may have been the victim of a DoS attack. These attacks overload an organization’s web or telephony service, flooding it with more traffic than it can withstand. As a result, visitors attempting to access the service are unable to view its content or make a call. That was the case with recent attacks on administrative public safety answering points (PSAP) and emergency communications centers. Perpetrators launched a high volume of calls against the target networks, tying up the service and preventing legitimate calls.
Malicious Insiders: Taking a step beyond insider threats caused by employee negligence, malicious insiders include current or former employees, contractors or business associates looking to gain access to insider information on security practices, data and computer systems. These attacks are difficult to detect and remediation can be extremely costly – with fifty-three percent of companies estimating remediation costs of $100,000 or more and 12 percent estimating a cost of more than $1 million.
Ransomware: Much like it’s name conveys, ransomware takes over a computer and denies access to data unless a ransom is paid. These attacks pose a serious organizational threat, with more than one-quarter of cyber insurance claims resulting from ransomware attacks. And no one is immune. In 2017, WannaCry ransomware hit a number of high-profile targets around the world – impacting more than 300,000 organizations worldwide, with victims receiving a note demanding a ransom of $300 in bitcoin. PSAPs are not immune. Baltimore’s 9-1-1 dispatch system recently experienced a ransomware attack, with hackers infiltrating a server that runs the city’s CAD system for 9-1-1 and 3-1-1 calls, causing the city to revert to manual dispatching for nearly 24 hours. This attack is just one of a recent slew of attacks targeting municipal systems across the country.
In the world of cybersecurity, things are changing at a rapid pace. And while organizations continue to acknowledge the importance of protecting their networks, keeping up with reality can be a challenge. That’s where cyber “resilience” comes in. Moving beyond individual cybersecurity efforts, resilience looks at security as an integral part of an organization’s core business – enabling them to better prepare, prevent, respond and recover from cyber breaches.
Read the full Motorola Solutions White Paper here to learn more about cyber resilience and how your organization can better protect against the growing cyber threat.
Attending APCO? Please join me during the Cybersecurity information track (August 6, 4:30 - 5:30 PM) when I will present “Welcome to the ‘No FUD’ Zone”. During my talk I will explore real events, real impacts and offer a view of the trends in public safety technology to combat cyber threats, as well as what Public Safety personnel can do to help manage the risk.
Troy Mattern is AVP of Products and Services Cybersecurity at Motorola Solutions.
In 2018 Waukesha and Milwaukee County will be fully migrating to a joint P25 mission-critical, digital, radio system for first responders and dispatch personnel. The IP-based system has so many benefits over our previous analog systems not the least of which is our ability to talk across two counties and easily coordinate responses and investigations with multiple agencies. But this sophisticated technology, like all IP based technology, is vulnerable to cyber attacks from unauthorized users, looking to take down the system or hold the system ransom for money.
As we built the new radio system we realized we needed to take a look at our cyber security protocols and make sure we have the appropriate support in place to protect the system against potential impacts from cyber threats such as malware, phishing malicious code, botnets and unauthorized users. Routine software updates and patching is one of the best ways to protect a system. In fact, according to the Department of Homeland Security Cyber Emergency Unit, at least 85% of attacks can be prevented by routinely applying security patches.
To protect the system from cyber threats we use a security update service to manage the complexity. System managers review all available software patches, determine if they are necessary and then test them in their lab to make sure there will be no adverse effects on our system when the patches are implemented. When the upgrades are pushed out into the production environment, they are implemented systematically following a rigid set of protocols to make sure there are no unprotected areas of the system and the users are not impacted. This is beneficial because we have a highly available system, relied on by field and dispatch 24x7, and we need to minimize any downtime. It also controls the number of people who are touching the system and possibly opening the system up to outside intrusions.
Just knowing that there are individuals out there that are dedicated to watching the system, have a baseline for what normal traffic is, and can see when the spikes occur that require action definitely allows me, as an administrator of the system, to relax a little bit and focus on the things I need to focus on which is our people and future enhancements.
My advice to other system administrators is to make sure you know what your cyber security protocols are and make sure it's being done effectively because you do not want to be impacted by a downtime event. Today’s IP systems are much different than the old-school, siloed analog systems; everything is interconnected and vulnerable now. So, it is important to make sure that patches are being done by the people who are specifically designed to support that system.
I invite you to watch a newly released Waukesha County Communications operations video and hear from our people how we are keeping our system and our community safe and secure.
To learn more about the importance of cybersecurity and patching please attend Motorola Solutions’ Troy Mattern, VP of Cybersecurity Products and Services during APCO Cybersecurity Speaking Session: “Welcome to the ‘No FUD’ Zone” on August 6 at 4:30 PM - 5:30 PM.
Gary Bell, Director of Emergency Preparedness for Waukesha County Communications, Wisconsin.
From Equifax and Uber to Meltdown and Spectre, cyber attacks and data breaches are making headlines globally. As cyber crime continues to proliferate throughout both the public and private spheres, governments and businesses are becoming increasingly concerned about their cybersecurity – and with good reason.
While the total number of data breaches and record exposures often fluctuates, organizations are seeing a continued upward trend. According to the Identity Theft Resource Center, the number of U.S. data breaches tracked in 2017 hit a new record high, increasing from the previous high established in 2016 by nearly 45 percent and compromising more than 174 million records.
In addition, the cost of cyber crime is accelerating. The Center for Strategic and International Studies now estimates that the annual cost of cybercrime to the global economy is more than $400 billion USD. Rapid digitalization is expected to increase the cost of data breaches to more than $2 trillion globally by 2019.
Cyber threats have evolved rapidly in recent years and are no longer relegated to a limited number of skilled individuals. New threats such as “cyber hurricanes” – a single attack where hackers disrupt large numbers of companies through common internet infrastructure dependencies – mean businesses are more concerned than ever before. In addition, malware-for-hire, bot net, exploit kits and ransomware packages have lowered the bar for cybercriminals and created new vulnerabilities. Cyber risk has now moved into the top two global business risks, according to the seventh annual Allianz Risk Barometer Survey.
It is clear that cyber is becoming a critical threat to both governments – faced with a potential for undermined national security – and businesses – tasked with storing confidential customer and client information. The result is a growing focus on cybersecurity. Cybersecurity products and services are fueling the global market, with spending expected to reach $170 billion by 2020.
Despite the attention cyber attacks continue to garner and despite the growing calls for increased cybersecurity, many organizations struggle to comprehend and manage emerging cyber risks in today’s increasingly complex digital society. This is compounded by an emerging cybersecurity workforce gap. According to the Global Information Security Workforce Study, this gap is on pace to reach nearly 2 million by 2022. Already, 51 percent of agencies report that they could use at least one more employee to cover necessary data security tasks.
In a world which is increasingly dependent on digital technology and interconnectedness – developing resilience to withstand cyber attacks is critical to future success. Advanced cyber attack techniques, new attack vectors from open networks, an industry-wide lack of security expertise and a disconnect between spending on cyber tools and increased security are challenging the implementation of a holistic cyber strategy. Read the full Motorola White Paper here to learn more about the evolving cybersecurity landscape.
Troy Mattern is the Vice President for Product and Services Cybersecurity at Motorola Solutions.