INDepth: Cybersecurity makes for good business, good government | Indiana
GOSHEN — Cybersecurity firms are helping to create jobs across the Hoosier state.
Dennis Trinkle is senior vice president for Talent, Strategy, and Partnerships for Indianapolis-based TechPoint.
“Cyber jobs currently rank in the top three of most in-demand talent, and the rise of attacks and the proliferation of new AI-driven threats almost guarantee this continued growth,” Trinke said by email. “This means that if you’re considering a career in cybersecurity, now is a great time to get involved.”
Trinkle said that three significant cybersecurity risks exist for most organizations:
• Social engineering attacks, which are gaining access by manipulating employees or techniques like phishing;
• Ransomware, which is a rapidly growing risk. Leading hospitals and financial/insurance institutions in Indiana have recently been attacked.
• Artificial intelligence, which will present new forms of attack that can’t yet be identified. There are many weak spots in AI platforms that have yet to be identified and exploited.
“These vulnerabilities are very real threats here at home in Indiana as well as throughout the world,” Trinkle said. “Consequently, cybersecurity is a rapidly growing industry, with high demand and investment at the national level that is mirrored in our local job market.”
According to the Indiana Economic Development Corporation, 10,859 people were employed in Indiana as cybersecurity and systems engineers as of 2023, with a projected increase of 2.9% expected for 2024.
“More than 20,000 cybersecurity job openings are available throughout Indiana and the number will continue to grow as new technology emerges,” according to the state’s website.
Craig Lubsen of the The Indiana Office of Technology said by email that the centralized technology provider for state government, is constantly working to maintain a leg-up on cybersecurity defenses.
“We are also working with local governments to assist them by providing no-cost or low-cost services that can improve security and their citizen experience,” he said. “Indiana received approximately $20M from the federal Infrastructure Investment and Jobs Act for cybersecurity through the State and Local Cybersecurity Grant Program. IOT is working with a core group of municipal IT leaders to purchase shared services that will significantly enhance local government defenses.”
Lubsen added that digital transformation is “now a necessity” for businesses and municipalities in Indiana.
“However, this increased reliance on technology also means that cybersecurity threats have become more frequent and sophisticated,” he said. “In response, organizations must invest heavily in cybersecurity measures to ensure their digital infrastructure remains secure. This is not just about data protection but also ensuring uninterrupted operations in critical sectors such as healthcare and public services.”
LOCAL AND STATE LEVELS
The city of Goshen has about 300 employees and most have access to email and the internet.
“Although the city of Goshen has been able to implement safeguards and has not been the victim of a major cybercrime, the threat is real and growing,” Goshen Clerk-Treasurer Richard Aguirre said by email, citing a recent cyberattack at Lake City Bank last year. “The bank announced in July that it was a victim of international wire fraud that cost the company more than $18 million.”
As cyberattacks are intensifying and some government agencies have suffered losses, the cost of cyber insurance has increased, Aguirre said. As a result, the city’s cyber insurance policy has been raised by double digits in each of the past two years.
“The city has increased its computer security measures, including the aggressive filtering of spam emails, more frequently changing of our passwords and constant education and testing of our resistance to fraud attempts,” Aguirre said. “City employees are sent emails that mimic fraud attempts, and that if real, could be dangerous. Employees who fall for one of these “fraud” emails are informed that they have flunked a test and are required to take an online course to help them do better next time. And there will be another test soon.”
On May 15, The Ascension St. Vincent health care network sustained ransomware attack that affected network systems tracking test results, procedures and medications, as reported by the Herald Bulletin in Anderson. The network owns and operates more than 350 hospitals and urgent care centers in Indiana. Staff members at many of those locations had to turn to manual and paper-based systems of record keeping while fixes were developed to restore online systems.
Aguirre notes that these attacks are potentially sent out to anyone who has an email address and a computer.
“For the city, we have a wide range of employees and it’s safe to say that if a person’s city email address is accessible online — and most city employee email addresses are widely available so they can be contacted by the public for help — there have likely been repeated attempts to target those employees,” he said. “Some city offices and departments would be more vulnerable than others. Among the most vulnerable is the clerk-treasurer’s office because my office has access to a wide range of sensitive information, including employee records, and coordinates all funds that flow into or out of the city of Goshen.”
On a weekly basis, Aguirre himself receives scam emails from people posing as city employees, including one such fraud attempt from a person posing as a Goshen Police Department captain.
“They write that they have changed banks and want their payroll checks deposited into a different bank account,” he said. “This is a straight-up fraud attempt, but to the best of my knowledge, we haven’t fallen for this scam. Scammers have also sent me emails posing as the mayor. They have stated that they have an emergency and need me to transfer funds to a certain account immediately. Of course, I ignore these requests, but they are getting more convincing.”
In another recent instance, one of the city’s employees was sent an email by the “Mayor” asking for a wire transfer to be sent to a vendor’s account to satisfy a required payment. The employee didn’t notice that this was a fraud attempt and sent back an email to the “Mayor” reminding her of the proper procedures for sending wire payments.
“Unfortunately, the employee copied me on that message,” Aguirre said. “A few hours later the scammer (still posing as the mayor) sent me an email requesting that the wire payment by made. Of course, I ignored the message. But now that scammer has my name and email address, as well as the verified contact information for the office employee and the scammer knows a little more about our payment procedures. So, both of us will get even more fraudulent emails demanding money in the future.
“This is why we have to be extremely careful and constantly verify that a real person has sent an email, often by calling them. Fortunately, there are multiple levels of review, so we have not been scammed. However, it’s always a risk, so we have to be careful, especially when it comes to payments.”
Aguirre cited in a case reported in 2022, where authorities in Warsaw confirmed that Kosciusko County government experienced the theft of $313,951.90 in the form of a fraudulent electronic payment request. The perpetrator posed as a legitimate vendor for county government and requested direct deposit payment of invoices into a new bank account.
By the time the fraud was detected, the funds had been removed from the new bank and the perpetrators could not be found.
“Earlier, this fall, the Common Council approved Mayor Gina Leichty’s proposal to create a city Information Technology Department,” Aguirre said. “Up to now, the city has had 2.5 technology employees — one for the Police Department and 1.5 for the rest of the city. That means 2.5 employees were trying to meet the complex technology needs of about 300 city employees. Up to now, our tech staff was part of the Engineering Department.”
Aguirre said that Leichty persuaded the council to pull together the existing staff people in information technology and add a full-time director of technology and a full-time technology specialist to help bolster the strength of that new department.
“Among other things, the city will be able to improve the city’s defenses against cyberattacks as well as increase employee awareness and education,” he said. “The city has had a cyber team, which included various employees. I believe the additional Technology Department staff will help the city to greatly improve our safeguards.”
Aguirre reiterated that cyberattacks are not limited to businesses or government agencies.
“Everyone with a smart phone, computer or email account should be concerned about cyberattacks and learning how to avoid becoming a victim of criminal activity and the theft of personal information,” he said. “Much as I wish this wasn’t the case, all of us can be victims of computer crimes at any time. So, I hope people will learn more about how to protect their information and funds. And I hope they will understand that the city is doing all if can to do the same and will support our efforts.”
To learn more, visit www.in.gov/cybersecurity.