535 Connecticut Ave. Suite 104
Norwalk, CT 06854
Empire State Building
350 Fifth Avenue, 59th fl.
New York City, NY 10118

Featured Article

December 07, 2017

Is Your Business Aligned with Connecticut's Cybersecurity Strategy?

This past summer, Connecticut Governor Dannel Malloy made headlines when he announced the release of the Connecticut Cybersecurity Strategy.

The Connecticut Cybersecurity Strategy was created by the Department of Administrative Services (DAS) in conjunction with Chief Cybersecurity Risk Officer Arthur House and Chief Information Officer Mark Raymond.

This document offers seven tips that businesses, government agencies and individuals can use to fortify their cyberdefenses.

“We receive daily reminders that we are living in a time of cyber insecurity, and we need to be proactive in this effort,” Governor Malloy stated following the announcement. “The federal government, our national intelligence, and homeland security officials are doing their part, but states have a vital role to play. Connecticut is leading the way in taking action that will allow us to be prepared for any contingency and safeguard our residents from cybersecurity threats to critical infrastructure. I am grateful to Arthur House, DAS Commissioner Melody Currey, and CIO Mark Raymond for their work in this effort, and also to those in government, business and education who helped them produce this important first step toward a safer Connecticut.”

Some of the steps discussed in the strategy include:

  • Literacy: The document explains how a “literate, mindful citizenry and workforce create a strong cybersecurity culture.” To improve literacy, organizations should have things like cybersecurity training and education; best practices and risk mitigation; and a strong focus on cybersecurity during auditing.
  • Leadership: Executive leadership and awareness are also critical for cybersecurity.
  • Preparation: All organizations should conduct risk assessment; train constantly to thwart attacks; have a dedicated incident response center; and have continuity and backup plans in place.
  • Recovery: “Recovery operations must be as nimble as Response operations, because consequences of attacks are increasingly difficult to predict,” the report explains. Recovery requires conducting damage identification; investigation; root cause analysis; eradication of the threat; and creating post-attack summaries to mitigate future issues.

Response, communication and verification are also mentioned as important cybersecurity steps.

Check out the document for yourself by clicking here.

More recently, it should be noted, a coalition of federal, state and local law enforcement officials in Connecticut announced the creation of a new Connecticut Cyber Task Force. This task force, which is based out of New Haven, is investigating crimes that take place in cyberspace. This task force contains representatives from the Drug Enforcement Administration; U.S. Postal Inspection Service; U.S. Secret Service; Internal Revenue Service; Criminal Investigation and Defense Criminal Investigative Service; Homeland Security Investigations and Connecticut State Police. The task force also contains representatives from 11 local police departments.

This task force is focusing on identifying and disrupting criminal organizations that target companies with cybercrime. The group is also focusing on targeting criminal activity on the dark Web.  

Of course, government agencies can only do so much to protect businesses from cybercrime. It’s great to see things like the Connecticut Cybersecurity Strategy, and the above-mentioned task force. But ultimately, businesses must protect themselves from cybercrime by following best practices and avoiding online threats.

One of the best ways to fortify your business is to work with a managed services provider like Apex Technology Services, a local company offering premier cybersecurity education and training, real-time threat mitigation and long term cybersecurity planning services.

To learn more about how Apex can help your business stay safe online, click here.

Here are some of the areas all organizations looking to promote a cybersecurity culture need to focus on.

1.    Cybersecurity training must be done regularly.

2.    Auditing and documentation must be performed regularly to ensure systems are secure.

3.    Anomaly detection should be running constantly to detect threats as they emerge.

4.    Penetration testing shows if systems can easily be reached from the outside. Here is a case where this test might have saved two company’s’ reputations from being destroyed.

5.    Network forensics for when a breach eventually occurs. The bad guys always seem to get in eventually.

6.    An action plan to follow when a breach does occur. Once it happens, few will have the clear heads needed to “wing it” correctly. Equifax botched it’s response in what is being called a PR catastrophe.

To ensure your organization is safe – even if you have internal IT, hire an experienced MSP or MSSP like Apex Technology Services.







Related Articles