CBIA and CONNSTEP hosted a panel discussion on cybersecurity Oct. 12 for small and midsize Connecticut manufacturers.
The packed room heard from industry experts on how to best protect their businesses and employees from cyberattacks.
The panel included David Huang, assistant U.S. attorney; Carl Jackson, engineering director, Sikorsky, a Lockheed Martin Company; Garry Feldman, president, U.S. Computer Connection; Ray Swanson, president and general manager, Tornik; and Jean Lehman, NIST Standards project manager, Polaris MEP.
Jackson, who has worked in various roles for Sikorsky and has over 37 years of experience in engineering and information technology, suggested all businesses take a risk-based approach to their cybersecurity needs.
"Conduct a risk assessment of your organization by identifying vulnerabilities and points of access," he said.
Companies should then prioritize and establish steps to address each one, he said.
First Line of Defense
Jackson explained that employees are the first line of defense when it comes to cyberattacks.
They need to be educated on strong online behavior measures to deter rogue activity.
"To build a cybersecurity culture, you have to talk about it," said Feldman, adding that conversations with employees are critical to controlling risk.
Feldman's organization, U.S. Computer Connection, has provided cybersecurity help to small businesses for over 20 years.
You need to take steps at every level to protect yourself in the supply chain.
The company's data, assets, and proprietary customer information were hacked and held for ransom by cyber thieves using malware.
After struggling for two days with his IT team to access encrypted files, they were ultimately unsuccessful and ended up paying the ransom.
Fortunately, all but three files were released, but the very next day, the cyber criminals attempted to access Tornik's network again. The company, however, now had strong protection systems in place to prevent it.
Swanson also stressed the importance of having a cybersecurity plan in place and Huang agreed.
Initially, Swanson did not have a plan and it almost cost him his business.
The company changed protocols, installed a backup system and better firewalls, implemented cloud-based services, and educated all employees on smarter prevention measures.
"Before your organization gets hacked, prepare and practice your incident response plan," Huang said.
He added that law enforcement, particularly the FBI, can help but an organization's response plan is top priority when it comes to recovering from an attack.
Lehman advised manufacturers to reframe their mindset when it came to cybersecurity.
"You need to take steps at every level to protect yourself in the supply chain," she said.
She added that protecting assets, particularly cybersecurity, should be a key part of risk management when it comes to working with vendors.
CONNSTEP helps manufacturers better understand cyberthreats and ensure compliance with minimum federal standards. For more information, visit connstep.org.