Issue link: https://nebusinessmedia.uberflip.com/i/853654
14 Hartford Business Journal • January 30, 2017 • www.HartfordBusiness.com Are you one of the To learn more about the Best Places To Work Program and to register your company, visit: WWW.BESTCOMPANIESGROUP.COM NOMINATION DEADLINE: OCTOBER 6, 2017 BEST PLACES TO WORK IN CONNECTICUT employers in CT? BEST an emergency response/recovery drill for the state. "We've never had a cyberattack in Con- necticut on any of our infrastructure,'' House said. "We need to figure out what that might entail. Nothing is impenetrable." Not an 'IT' problem According to House, there are 2.4 billion online connection attempts monthly onto state-government's computer network from external sources. Of those, about 53 percent, or 1.26 billion, are blocked by the state's "boundary-security'' software; the rest are allowed in, he said. Also, about 4 million emails a month ar- rive on the state's network, House said, but about one in four don't get through, likely because software screens expose them as nefarious "phishing'' attempts to pilfer user's logins, passwords and other sensitive or proprietary data. Moreover, the state's digital screens snare around 2,400 attempts monthly to insert malignant software, or "malware,'' onto its network. "We rely on state employees to be vigilant,'' the state cybersecurity chief said. "If it looks suspicious, don't open it." "The question is how good is your secu- rity?'' House added. "This is no longer an 'IT problem.' It's a mistake some people make. … Penetration can come to any employee in a company and spread to management. It's like saying only the lawyers in a company have to worry about the law.'' That's the message Shemanskis says is being drilled more intensely into Empire Industries' employees, along with other cyberdeterrents. Since Empire's cyberattack, Shemanskis says he has heard of other local companies' IT networks being breached. However, those firms he didn't identify "ransomed'' back ac- cess to their corrupted data, he said. Small and medium-sized businesses are now the target of 65 percent of cyberat- tacks. With Kelser's help, Empire Industries installed a security-monitoring system that tracks every circuit connection in its data network, down to the printers -- "anything you can connect to the network,'' Sheman- skis said. Fortunately, he said, none of Empire's automated equipment is linked via the internet, a potentially disastrous union that hackers could exploit to damage equipment or disrupt production. Kelser's Kozloski warns, however, that the prospect of hackers taking control of equip- ment or processes should be a big concern to any manufacturer. "If you can hold software hostage,'' he said, "what's to keep them from holding manufac- turers' equipment hostage?" Effective firewalls In working with clients, mainly mid-size firms with 150 to 300 employees, Kelser focuses first on prevention, then detection. The firm also provides remediation/recovery services. • Theft of intellectual property • Phishing, pharming and other related variants • Increasing sophistication and proliferation of threats • Security breaches involving third party • Social engineering • Employee errors and omissions • External financial fraud involving information systems • Employee abuse of IT systems and information • Mobile devices (e.g., smartphones, tablets) • Attacks exploiting mobile network vulnerabilities "Source: Cyber risk in advanced manufacturing survey, Deloitte and the The Manufacturers Alliance for Productivity and Innovation" Top 10 cyberthreats facing manufacturers HBJ "Our digital economy was made for speed, sharing and managing of large volumes of data. It wasn't made for security. Security has to be added by the user." – Arthur House, Connecticut's first chief cybersecurity risk officer