GOSHEN — Cybersecurity companies are helping to create jobs across Indiana.
Dennis Trinkle is senior vice president of talent, strategy and partnerships at Indianapolis-based TechPoint.
“Cyber jobs currently rank among the top three most in-demand talent, and this continued growth is almost certain due to an increase in attacks and the proliferation of new AI-enabled threats,” Trinke said in an email. “So if you're considering a career in cybersecurity, now's a great time to get in.”
Trinkle said there are three major cybersecurity risks for most organizations.
• Social engineering attacks, Those that gain access through techniques such as employee manipulation or phishing.
• Ransomware, This is a rapidly growing risk: major hospitals and financial institutions/insurance companies in Indiana were recently attacked.
• artificial intelligence, This will lead to the emergence of new forms of attacks that have yet to be identified: there are many weaknesses in AI platforms that have yet to be identified and exploited.
“These vulnerabilities are a very real threat, not just within Indiana, but around the world,” Trinkle said. “As such, cybersecurity is a rapidly growing industry with high demand and investment at the national level, which is reflected in the local job market.”
According to the Indiana Economic Development Corporation, 10,859 people will be employed as cybersecurity and systems engineers in Indiana as of 2023, with a projected growth of 2.9% in 2024.
“There are more than 20,000 cybersecurity jobs available across Indiana, and that number will continue to grow as new technologies emerge,” the state's website says.
Craig Lubsen of the Indiana Technology Agency said in an email that centralized technology providers for state government are constantly working to maintain an edge in their cybersecurity defenses.
“We also support local governments by providing free or low-cost services that improve security and resident experience,” he said. “Indiana has dedicated nearly $20 million from the federal Infrastructure Investment and Jobs Act to cybersecurity through the State and Local Cybersecurity Grant Program. IOT is working with a core group of local government IT leaders to purchase shared services that will significantly strengthen their defenses.”
Lubsen added that digital transformation is “now a necessity” for Indiana businesses and municipalities.
“But our increased reliance on technology also means that cybersecurity threats are becoming more frequent and more sophisticated,” he said. “In response, organizations must invest heavily in cybersecurity measures to ensure their digital infrastructure is safe. This is not just a matter of data protection, but also about ensuring uninterrupted operations in critical sectors such as healthcare and public services.”
Local and state levels
The city of Goshen has about 300 employees, most of whom have email and internet access.
“While the City of Goshen has taken precautions to protect itself and has not been the victim of a major cybercrime, the threat is real and growing,” Goshen City Clerk-Treasurer Richard Aguirre said in an email, pointing to a recent cyberattack last year on Lake City Bank. “In July, the bank announced it had been the victim of an international wire fraud attack, suffering losses of over $18 million.”
The cost of cyber insurance has increased as cyberattacks have intensified and caused losses to some government agencies, Aguirre said, and as a result, the city's cyber insurance premiums have increased by double digits each of the past two years.
“The city has strengthened its computer security measures, including aggressive filtering of spam emails, more frequent password changes, and ongoing education and testing on fraud resistance,” Aguirre said. “City employees have been receiving emails that mimic scams, but if they are real, they are dangerous. Employees who fell for these 'scam' emails have been informed that they have failed the test and are asked to take an online course to do better next time, and another test will be administered soon.”
On May 15, the Ascension St. Vincent Healthcare Network reportedly suffered a ransomware attack affecting network systems that track test results, procedures, and medications. Herald Bulletin in Anderson. The network owns and operates more than 350 hospitals and urgent care centers in Indiana. Until fixes were developed to restore online systems, staff at many facilities were forced to rely on manual and paper-based record-keeping systems.
Aguirre noted that such attacks could be sent to anyone with an email address and a computer.
“We have a variety of city employees and I can safely say that if city email addresses are accessible online, there have probably been repeated attacks targeting those employees. Most city employee email addresses are widely public and the public can contact them for help,” he said. “Some city offices and departments are more vulnerable than others. The most vulnerable is the Clerk-Treasurer's office because my office has access to a wide range of sensitive information, including employee records, and we manage all funds flowing in and out of the City of Goshen.”
Aguirre himself receives scam emails on a weekly basis from people posing as city employees, including one from someone posing as the Goshen police chief.
“They say they've changed banks and want their paychecks deposited into a different account,” he said. “This is clearly a scam, but as far as I know, we have not fallen for it. I've also had scammers email me posing as the mayor, saying they have an emergency and want funds deposited immediately into a specific account. Of course, I ignore these requests, but they are becoming more and more persuasive.”
In another recent case, one of the city’s employees received an email from the “Mayor” requesting that he make a wire transfer to a vendor’s account to satisfy a required payment. The employee, unaware that this was a fraudulent activity, responded to the “Mayor” and reminded him of the proper procedure for wire transfers.
“Unfortunately, the employee also copied the message to me,” Aguirre said. “A few hours later, the scammer (still posing as the mayor) emailed me and asked for a wire transfer. Of course, I ignored the message, but now the scammer has my name and email address, the employee's verified contact information, and knows a little more about our payment process. So we will both be receiving more scam emails asking for money.”
“That's why we have to be very careful and always verify that it's a real person who is sending us an email, and often we also make a phone call. Luckily, we have a multi-step verification process, so I've never been scammed. But there's always a risk, so you have to be careful, especially when it comes to payments.”
Aguirre cited a reported incident in 2022 in which Warsaw authorities confirmed that the Kosciusko County government experienced the theft of $313,951.90 in the form of fraudulent electronic payment requests. The perpetrators posed as legitimate vendors for the county government and requested that invoice payments be directly deposited into a new bank account.
By the time the fraud was discovered, the funds had been withdrawn from a new bank and the culprits were never found.
“Earlier this fall, the City Council approved Mayor Gina Leichty's proposal to create a city information technology department,” Aguirre said. “Previously, the city had 2.5 technology employees — one in the police department and 1.5 in other city departments. That means 2.5 employees trying to serve the complex technology needs of approximately 300 city employees. Previously, our technology employees were housed in the Engineering Department.”
Aguirre said Leichty persuaded the council to bring together existing information technology staff and add a full-time technology director and full-time technology expert to help bolster the new division.
“Among other things, it will strengthen the city's defenses against cyber attacks and increase employee awareness and education,” he said. “The city had a cyber team that included a variety of employees. I believe that adding technology employees to the mix will greatly improve the city's security posture.”
Aguirre reiterated that cyber attacks are not limited to businesses or government agencies.
“Anyone with a smartphone, computer or email account should be concerned about cyberattacks and learn how to avoid becoming a victim of criminal activity or identity theft,” he said. “As much as I wish it were never this way, any of us can become a victim of computer crime at any time, so I hope people will learn more about how to protect their information and funds, and know that the city is doing all it can to support our efforts.”
For more information, visit www.in.gov/cybersecurity.