• Twitter
  • Facebook
  • Instagram
  • Linkedin
  • RSS
  • Sign In
  • My Account
High-Profile MonthlyThe Source for AEC Industry News
  • All News
      • Up Front
      • Groundbreaking
      • Topping Off
      • Ribbon Cutting
      • View All Up Front Stories
      • 1385 Progress Plans 1-9-23Erland Partners with Lighthouse School on New Breakwater House
      • Special Features
      • Contributor
      • Green
      • J.E.D.I.
      • Mechanical / Electrical / Plumbing (MEP)
      • Vision
      • Women In Construction
      • Regions
      • Connecticut
      • Northern New England
      • Popular Sectors
      • Cannabis
      • Corporate
      • Education
      • Healthcare
      • Interiors
      • Landscape/Civil
      • Life Science
      • Multi Residential
      • Restoration/Renovation
      • Retail/Hospitality
      • Senior/Assisted Living
      • Technology & Innovation
      • Other News
      • Awards
      • Community
      • COVID-19
      • Mixed-use
      • Municipal
      • National/International
      • Organizations and Events
      • People
      • Philanthropy
      • Products and Services
      • Real Estate
      • Training and Recruitment
  • Subscribe
  • Next Issue
  • Archive
  • Advertise
  • Podcast
  • Events
    • Industry Events
    • A/E/C Associations
High-Profile Monthly
  • All News
      • Up Front
      • Groundbreaking
      • Topping Off
      • Ribbon Cutting
      • View All Up Front Stories
      • 1385 Progress Plans 1-9-23Erland Partners with Lighthouse School on New Breakwater House
      • Special Features
      • Contributor
      • Green
      • J.E.D.I.
      • Mechanical / Electrical / Plumbing (MEP)
      • Vision
      • Women In Construction
      • Regions
      • Connecticut
      • Northern New England
      • Popular Sectors
      • Cannabis
      • Corporate
      • Education
      • Healthcare
      • Interiors
      • Landscape/Civil
      • Life Science
      • Multi Residential
      • Restoration/Renovation
      • Retail/Hospitality
      • Senior/Assisted Living
      • Technology & Innovation
      • Other News
      • Awards
      • Community
      • COVID-19
      • Mixed-use
      • Municipal
      • National/International
      • Organizations and Events
      • People
      • Philanthropy
      • Products and Services
      • Real Estate
      • Training and Recruitment
  • Subscribe
  • Next Issue
  • Archive
  • Advertise
  • Podcast
  • Events
    • Industry Events
    • A/E/C Associations
Contributor

Cybersecurity for AEC Firms

June 28, 2022

by Nathaniel C. Gravel

With news headlines filled with reports of cyberattacks shutting down everything from fuel pipelines, to food distribution, to internet services, it is not unthinkable that your architectural firm, engineering firm, or construction company could become the next victim. Increasingly sophisticated cyber criminals have the technology and resources to attack any organization, of any size, in any location. The most common forms of attack include phishing or malicious email, data compromise and exfiltration, credential theft, and ransomware.

The size of your firm or the nature of architectural, engineering or construction work are no guarantee of safety. In 2020, a ransomware attack forced a London-based architectural firm to take its network offline. The cyber criminals attempted to extort money after stealing confidential information. Although the firm’s data was backed up, it lost several days of work and was unsure of how much information had been stolen or that additional ransom demands would not be made in the future.

This example of a business being targeted by unscrupulous cyber criminals hits home for architectural and engineering firms, demonstrating the need for firms of all sizes to invest in cybersecurity defense and security awareness training. Half of all small- and medium-sized businesses that suffer a cyberattack go out of business within six months. At the very least, your business is going to suffer a period of disruption that can range from being a nuisance to complete shutdown.

What can you do to protect your firm against a cyberattack? Here are five steps to take to become more resilient to cyberattacks.

  1. Gap Assessment – The first thing to do is identify the places and ways a cybercriminal might be able to access your system. An end-to-end review of vulnerabilities, which should include a penetration test, will give you a basis for deciding where you need to shore up your defenses.
  2. Employee Training – With 95% of intrusions being made through individual error, it is essential that you implement a formal training program for all staff members. A training “stack” can help better prepare your people to recognize phishing attempts, spoofed emails, and suspicious attachments. Be sure to include refresher training, as threats are constantly changing and becoming more sophisticated.
  3. Testing – Don’t just assume your systems are secure and employees are following the rules they have learned. Regular vulnerability assessment, penetration testing, and simulated phishing exercises will help identify and close control gaps before attackers are able to exploit them.
  4. Patching – If you are still running an older version of any type of software you should immediately update to the latest version, which should include patches and security updates.
  5. Layered Security/Defense in Depth – Many companies are still taking an unbalanced approach to defining and implementing their cybersecurity strategy, putting too much confidence in too few security measures, most of which are geared toward preventing cyberattacks. A well-balanced cybersecurity strategy looks beyond simple preventative controls to also consider the organization’s detection and response capabilities. A more comprehensive security strategy generally leads to better investments and an overall improvement in the organization’s security posture.

With odds seemingly stacked in favor of hackers and cyber criminals, it is only a matter of time before your organization falls victim to an attack. But a comprehensive cybersecurity strategy and a well-implemented information security program can help you minimize the impact to your organization and get you back to business quickly.

Nathaniel C. Gravel

Nathaniel C. Gravel, CISA, CISM, CRISC is a cybersecurity expert and consultant with Gray, Gray & Gray, LLP.

Cybersecurity HPNews
    FacebookTwitterLinkedInEmail

You may also like

Contributor • Interiors

Workplace Decisions: Should We...

September 22, 2023
Contributor

Ask the Electrician: Arc Flash...

September 21, 2023
Contributor • Education • MEP

Fast-track Construction Provides a...

September 14, 2023
Contributor

Envisioning the Future of...

August 29, 2023
Contributor • Education

College Campuses and the Power of...

August 28, 2023
Contributor • Education

Adapting to the Seasonal...

August 28, 2023
Contributor

Little Seeds, Big Potential: Dacon...

August 24, 2023
Contributor

What I Learned from the 10,000th...

August 24, 2023

View the September 2023 issue!

Read HP’s 2023 MEP issue!

Read HP’s 25th Anniversary Issue now!

Read the WIC 2023 Supplement!

Check out the 2022 Annual Green Supplement!

Read our annual supplements!

  • Green2022.png
  • WIC2023.png
  • MEP2023-2.png
  • Vision-2019.png

HIGH-PROFILE MONTHLY
615 School St.
Pembroke, MA  02359
Phone: 781 294 4530
Fax:  781 293 5821
info@high-profile.com

Quick Links

  • About Us
  • Contact Us
  • Subscribe
  • Advertise
  • My Account

Stay Informed

Sign up for Fast Facts Friday, our weekly e-newsletter, and stay up-to-date with the latest industry news!

Sign up
Subscribe to High-Profile Monthly to receive an email notice of each new article!
Loading

Copyright © 2023 High-Profile Monthly.

  • Twitter
  • Facebook
  • Instagram
  • Linkedin
  • RSS
  • Sign In
  • My Account