Issue link: https://nebusinessmedia.uberflip.com/i/1390514
18 HARTFORDBUSINESS.COM | JULY 12, 2021 By Zachary Vasile zvasile@hartfordbusiness.com A recent slew of cyberattacks targeting major employers is pushing companies of all sizes to ramp up their network defenses — and putting a renewed focus on a national shortage of cybersecurity workers, a problem industry figures say they've been grappling with for years. "It's not necessarily a new issue, but it's gotten more acute," said Jim Parise, president of Glastonbury technology consulting firm Kelser Corp. "We're all competing for talent. And when you see what's been happening, that heightens everyone's sense of needing a security posture. So the competition's only going to get more intense." Cyber threats have been around as long as the computer networks they seek to compromise, Parise noted, but up until fairly recently, the issue was only on the radar of large corporations doing particularly sensitive work. "It's the perfect storm," he said. "The cyberattacks — at least the ones we hear about — have created an explosion of need that really wasn't there 10 years ago. There weren't enough people in the cybersecurity pipeline then, and there certainly aren't enough in the pipeline now." Christopher Luise, co-CEO of Rocky Hill-based ADNET Technologies, which is in the process of launching a cybersecurity firm called MachBlue Defense, said a shortage of cybersecurity professionals has been a constant stumbling block for the broader technology sector. "It's a challenge," Luise said. "Historically, there's been a gap between industry and academia, which has started to tighten up, but there's still a big lack of resources and a lot of competition for talent." Luise said cybersecurity as a field had been somewhat neglected in the past. "It was thought that there was very little need for cybersecurity experts," he said. "It wasn't being addressed." According to industry tracker Cyber Seek, there are currently 464,420 cybersecurity job openings in the U.S., including 3,763 jobs available in Connecticut. Overall, there are 8,048 people in the state employed in cybersecurity roles, Cyber Seek data shows. Numerous intrusions Sophisticated cyberattacks against American enterprises and government agencies are nothing new, but the frequency and scale of such intrusions over the last several months has put national security officials and private sector executives on edge like never before. First was a ransomware attack on Colonial Pipeline, the largest conduit for refined oil products in the U.S., which encrypted customer data. Made public on May 8, the breach forced Colonial's management to shut down the pipeline to limit infiltration of its computerized equipment. The company reportedly paid a ransom of between $4 million and $5 million to have its data decrypted and released, but it took several days for the system to come back online, prompting widespread panic buying that led to fuel shortages at filling stations across the South. Around the same time, Illinois- based insurer CNA Financial discovered that a trove of company data had been stolen through a malware program known as Phoenix Locker. The firm resolved the matter without comment, though financial news publication Bloomberg has reported that CNA paid $40 million to an unidentified criminal group to recover its records. Less than a month later, Russian hackers struck JBS Foods, the world's largest meat supplier. The company acknowledged paying a ransom of around $11 million through bitcoin after some of its plants in the U.S. and Australia were shut down for at least a day. Earlier this year, Connecticut had to suspend vehicle emissions testing for several months, after the outside vendor that runs the program — Applus Technologies — was impacted by a malware attack. All four hacks came amid a constant hum of less-publicized intrusions, targeting entities such as computer manufacturer Acer, Apple Inc. supplier Quanta and, reportedly, the National Basketball Association. The barrage has sent many companies scrambling to implement best practices and bring their systems into compliance with certain standards, such as the Cybersecurity Maturity Model Certification. Meantime, state lawmakers recently passed a law that incentivizes companies to adopt cybersecurity frameworks prescribed by nationally-recognized organizations like the National Institute of Standards and Technology (NIST). Companies that enact such policies would be shielded from legal liability if their customers' data is exposed in a cyberattack, according to the law. "We've had a lot more cybersecurity-related inquiries, people looking for help," Parise said. "It's mostly companies that don't have the resources to do this on their own." Workforce development Developing more cybersecurity talent starts with higher education, where professors and administrators say they've seen an uptick in interest in the field in recent years, though still Shield Shortage With uptick in attacks, demand for hard-to-find cybersecurity talent grows Jim Parise ADNET Technologies co-CEO Christopher Luise at the company's new headquarters at 400 Capital Blvd., in Rocky Hill. The firm is launching a cybersecurity business known as MachBlue Defense. HBJ PHOTO | ZACHARY VASILE