A Letter from the Director
Thank you for an amazing year! Bye, bye 2018
The Louisiana Community and Technical College System (LCTCS) is committed to supporting manufacturers. One of LCTCS’ initiatives is to train a successful workforce. The system office works with each individual community college to create relevant, timely programs and services that address their specific industry needs. In support of these goals, we welcomed two new project managers to our team: Ms. Miriam Russell, who has been part of the manufacturing industry for 30+ years, worked with over 3,000 clients, and trained more than 5,000 individuals; and Mr. John Garrison, who has more than 15 years of experience executing projects such as visual management systems, work standardization, and enhanced facility layouts. Additionally, the search is ongoing for project managers to be located at the following colleges:
 
• Central Louisiana Technical Community College
• SOWELA Technical Community College
                 
Please visit https://www.lctcs.edu/human-resources/jobs for job descriptions and directions to apply.
 
As we wrap up 2018, I would like to reflect on the progress that we are making in Louisiana. The most recent IMPACT score is at its highest level in four years, which is a testament to the great work being accomplished by our team members. This year, we worked with more than 70 manufacturers, and most of them were “new” clients. Moreover, the surveyed manufacturers over the past four quarters reported the following:

·          More than 20 Million in Retained Sales
·          More than 12 Million in New Sales
·          More than 1,100 Created and Retained Jobs
·          More than 17 Million in New Investments
·          More than 10 Million in Cost Savings
·          More than 95% in Improved Competitiveness
·          A Net Promoter Score ® greater than 95%
 
Recently, Pat Toth, a Computer Scientist at NIST Manufacturing Extension Partnership (MEP) participated in an interview with Samm Bowman titled What Manufacturers Need to Know About Cybersecurity Right Now . Toth explains that according to the U.S. Department of Homeland Security, the “manufacturing industry is the second most targeted industry based on the number of reported cyber-attacks.” Fortunately, there are things that small and medium-sized manufacturers can do that are low-to no-cost and easy to implement like putting policies in place and educating employees. If a company is ready to improve its cybersecurity, it can start by utilizing the NIST Cybersecurity Framework which focuses on five simple steps: Identify, Protect, Detect, Respond, and Recover. This month’s Partner Spotlight features Ingalls Information Security, a Louisiana based cybersecurity services provider. Make sure you read their article which focuses on the Phishing Epidemic and how to protect your company even further.
 
I look forward to 2019 and to working with the MEP team to continue partnering with manufacturers across Louisiana, who are working each day to make a difference in the lives of our communities, state, country and world through innovative products, value-added processes, and economic impact.
 
Happy Holidays
Dr. Ali Ahmad , Director
Partner Spotlight
The Phishing Epidemic


It has been estimated that the annual global cost of cybercrime will reach $6 trillion by 2021. This staggering number will make cybercrime more profitable than the sale of all illegal drugs combined.
 
Why is Cybercrime so Commonplace?
It is reasonable to ask, what are the factors that are contributing to the growth in cybercrime? One element is the significant increase in hostile nation state and organized group’s cybercrime activity, another is the fact that online crime is becoming easier through turnkey offerings of cybercrime-as-a-service. In addition, as we become more and more reliant on technology, as technology becomes an even greater part of lives and as the interconnectivity of these devices grow, we will have an expanded cyber-attack surface that is exponentially larger than it is today. Cybercrime is also growing at such a pace because it offers low risk and high yield, cybercriminals can make large amounts of money with minimal effort and little risk of being caught or prosecuted.
In the world of cybercrime there a few notable trends. 
 
Ransomware is now a global phenomenon with known attacks out-numbering the hundreds of thousands. With the massive rise in the value of crypto-currency, we also see attackers shifting to crypto-mining and with the theft of processing power that can result, we know this threat can cause significant operational disruption. Attackers are also increasingly injecting malware into the supply chain. Frequently this is achieved by hijacking software updates, giving attackers an entry point into what might otherwise be a well-protected environment. 
With these trends, email-based Phishing is one of the common elements the attacker uses to gain a fraudulent foothold. It’s likely that if you’re going to be attacked, chances are the initial compromise is going to be created by phishing, rather than anything technically sophisticated.

Let’s go Phishing
Within this epidemic of phishing, we can see that the tactics used by the attackers are evolving.
Phishing attacks are becoming more targeted. Although we still see mass-generated generic phishing emails, we are increasingly seeing targeted attacks that are customized to the user and the organization. Impersonating the Microsoft brand has been a Phisher’s favorite in 2018. The primary goal of Microsoft phishing attacks is to harvest Office 365 credentials because with a single set of credentials, hackers can gain access to a ton of confidential information stored in O365 applications. Attackers are also increasingly launching phishing attacks that are hosted on Web sites that have HTTPS and SSL certificates. 
So why is Phishing such a successful attack method? Phishing is successful because it plays on people’s natural curiosity. It also is so effective because it takes advantage of a person’s tendency to react without thinking logically.
 
Defense in Depth – Human and Technical Solutions
So how do we counter the Phishing Threat? 
 
One powerful way to combat the Phishing Threat is to perform Security Awareness Training. In addition to sharing education on general Information Security best practices, employees should also be trained on how to recognize and react to phishing emails. As a totality of effort, an annual security awareness course will not be effective in changing employee behavior and so some type of education information should be shared frequently across multiple communication channels. Company newsletters, the intranet, collaboration hubs, anywhere employees congregate and collaborate can be a valuable placement for phishing education.
 
In addition to educating users about how to recognize and respond to phishing emails, it is also important to perform simulated phishing testing so that you can assess your employees’ level of awareness. As with the training, simulated phishing is most effective when it is administered often. 
 
However, security training is only one part of the solution to the Phishing Epidemic. As companies increasingly adopt web-based email solutions, it is critical they also implement multi-factor authentication (MFA). In addition to correctly entering a username and password, MFA requires users to enter an additional piece of information typically shared via text message, a phone call, or a smartphone application. MFA provides strength because it protects against compromised credentials, weak passwords and users’ tendency to re-use passwords across multiple applications.
 
Companies should also fully utilize the auditing and logging security features of their email platform. Monitoring for suspicious user and login activity can be key early warning signs of a successful phishing attack. As said by the wise folks at SANS, Prevention is Ideal, but Detection is a Must. By monitoring network and endpoint activity, you are well positioned to quickly detect and proactively respond to an attack early in the cyber kill chain.
 
It’s important to remember the strategies used by cybercriminals are becoming more sophisticated and the risk of experiencing a Phishing attack continues to evolve. To manage this changing threat environment, it is necessary for companies to maintain a current and prioritized understanding of their cybersecurity risks and to have a defense in depth approach to cybersecurity risk mitigation.
Ingalls Information Security is a Louisiana based cybersecurity services provider, offering Advanced Network and Endpoint Monitoring, Incident Response, Phishing Email Helpdesk Services, Security Awareness Training and Simulated Phishing Testing, Technical Testing, and Consulting and Risk Management. Visit their website or call 877-461-4488 for additional information.
December 2018: Face of Manufacturing
“Over time, I’ve learned most of the business by taking on more responsibilities during the oil and gas downturn.”

Employed with Extreme Machine & Urethane since 2012, Clayton feels lucky that he was kept on with the team where he was given the opportunity to grow and expand his role as Procurement Specialist.

As the Procurement Specialist at Extreme Machine & Urethane located in Youngsville, Louisiana, Clayton Plaisance is responsible for all of the outside services related to a product from start to finish. From ordering the materials to shipping the product to the customer, Clayton has learned the majority of the ins and outs of the machine shop’s everyday business. “I’ve learned most of the business, except for the actual machining – that’s not my thing,” Clayton said with a laugh.

In 2012 as a senior in high school, Clayton got his start with the machine shop by sweeping the floors and as a shop hand, but quickly learned he was not mechanically-inclined and needed to find a different niche within the company. Once the Procurement Specialist retired in 2014, Clayton knew this was a role he was confident in filling where he could show value. After the worst of the oil and gas downturn in the Lafayette area around 2014, the oilfield parts manufacturer was only able to keep five employees including Clayton, from a staff of 30. Because of his tenure with the company, Clayton feels he has become “part of the family and not just a number”, which is for him a huge perk of working in a family-owned business. Now that the company is back up and running at full capacity with 11 full-time employees, Clayton has taken on even more responsibility in his role. From job ordering to shipping and receiving, Plaisance has made his mark on the small manufacturing business in a not-so-typical role.
Located in Youngsville, Louisiana, Extreme Machine & Urethane is family owned and operated and specializes in oilfield tool manufacturing and custom molding urethane production. Through the use of Computer Numerically Controlled (CNC) machines and keeping up to date on computer CAD/CAM software, the team proficiently executes placed orders to service the South Louisiana oilfield. 
To nominate the next Face of Manufacturing, click the button, fill out the form and return to kayla.gentry@mepol.org !
What's Happening in the MEP National Network?
NIST MEP Emerging Leaders Meeting in Denver, CO

The Emerging Leaders Program is a year-long program consisting of interactive workshops, opportunities for situational learning, web casts, join projects and mentoring for the candidate. The Emerging Leaders program is an opportunity to provide candidates with informed, innovative ideas, best practices and recommendations that focus on the management and leadership strategies specifically related to the MEP and the National Network.

On November 6th and 7th, MEP of Louisiana Director, Dr. Ali Ahmad, attended the Emerging Leaders Class kick off session. At the end of this program, Dr. Ahmad will have the ability to identify and draw on best practices from around the Network, help develop creative new solutions to the MEP of Louisiana challenges, be in a stronger position to help with managing and supporting the MEP of Louisiana day-to-day operations, and connect and build relations with other Center staff.

Learn more about the   MEP National Network