Issue link: https://nebusinessmedia.uberflip.com/i/853654
www.HartfordBusiness.com • January 30, 2017 • Hartford Business Journal 13 Cybersecurity threat Manufacturers, others face growing 'ransomware,' 'phishing' attacks By Greg Seay gseay@hartfordbusiness.com I t was just after lunch on a warm day last July, when Empire Industries, a Manchester manufacturer of stain- less steel products and specialty fin- ishes, became a "ransomware'' target for the first time. "We were doing our work,'' said Empire's information technology (IT) manager Rich Shemanskis. "A couple of us noticed our files on our file server … names were being changed to random numbers. … I was in a panic.'' Empire and other manufacturers are espe- cially sensitive to "down time,'' so Shemanski says he got on the company's public-address system and ordered all Empire employees to immediately log off and shut down their laptop, notebook and desktop computers. Fortunately, the disruption to Empire's computer network was minimal, due to sepa- rately stored backup files, he said. Empire's episode is one that a growing number of individuals and companies, as well as local, state and national governments worldwide are encountering almost daily, cybersecurity experts say. "Ransomware'' describes pernicious software code that hackers, using corrupted emails and online links, penetrate victims' computer networks, to rename, erase or relocate crucial data files. Once infected, victims usually are strong-armed into pay- ing "ransom'' to get hackers to "unlock'' or restore hijacked files, said Matt Kozloski, vice president at Kelser Corp., an East Hartford data-security services provider who helped Empire get back up to speed following its failed cyberattack. Concerned about potential cybersecurity threats to the state's IT network and its pub- lic infrastructure, Connecticut last October became one of the first states to create an executive-level post, chief cyber security risk officer. Gov. Dannel P. Malloy named Arthur House, former chair of the state's utility over- sight agency and an ex-military intelligence officer, to the post. Under House, the state Public Utility Reg- ulatory Authority (PURA) last May unveiled a strategic plan that required all electric, water and telecommunications providers to put in place cybersecurity prevention and action plans. After reviewing it, House said Malloy decided many of its provisions should be applied to hardening the state's IT and infrastructure network. Eversource, which provides electricity and natural gas to thousands of central Connect- icut residential and commercial customers, said through spokesman Mitch Gross, that it has "a robust, comprehensive security program in place to protect against potential threats.'' Andrew Tyler (left) senior consulting engineer at East Hartford technology consultancy Kelser Corp., worked with Rich Shemanskis (right) information technology manager at Empire Industries, following the Manchester manufacturer's "ransomware" attack last July. Kelser teamed with Shemanskis on remediation efforts, including scanning for and removing malware and installing security measures and a next-generation firewall, in the hours and days following the attack. "Recognizing that technology is ever- evolving, we continue to work with the governor, state officials and security experts on this issue,'' Gross said. "This collabora- tion is vital to the protection of our electrical system." Clinton's Connecticut Water Co. says it invested last year more than $60 million in water treatment, aging pipeline replace- ment, cybersecurity and other improvement projects. In 2017, it will spend $46.7 million to continue enhancing system reliability, including protecting sensitive data. "The extent of vulnerability extends to just about everything,'' House said. "Our digital economy was made for speed, sharing and managing large volumes of data. It wasn't made for security. Security has to be added by the user.'' To that end, House, who reports to the state's chief information officer, Mark Ray- mond, said he has three priorities: craft and present by May a cybersecurity strategy for Connecticut's state and municipal govern- ments, businesses, higher education and law enforcement; devise an action-plan for implementing those strategies; and set up By the Numbers The amount of annual damages cybercrime is expected to cause by 2021, according to Cyber- security Ventures. $6 Trillion $81.6 Billion The amount spend on cyber- security products and services in 2016, according to Gartner. It et optatur empedici assusti onsequodita sitis quuntumquod eatissi dias volenitae sitia voles est ut plignient, sus.