High-Profile Monthly: New England Facilities Development News
Contributor

Cybersecurity for AEC Firms

June 28, 2022

by Nathaniel C. Gravel

With news headlines filled with reports of cyberattacks shutting down everything from fuel pipelines, to food distribution, to internet services, it is not unthinkable that your architectural firm, engineering firm, or construction company could become the next victim. Increasingly sophisticated cyber criminals have the technology and resources to attack any organization, of any size, in any location. The most common forms of attack include phishing or malicious email, data compromise and exfiltration, credential theft, and ransomware.

Neither the size of your firm nor the nature of architectural, engineering, or construction work is a guarantee of safety. In 2020, a ransomware attack forced a London-based architectural firm to take its network offline. The cyber criminals attempted to extort money after stealing confidential information. Although the firm’s data was backed up, it lost several days of work and was unsure how much information had been stolen or whether additional ransom demands would be made in the future.

This example of a business being targeted by unscrupulous cyber criminals hits home for architectural and engineering firms, demonstrating the need for firms of all sizes to invest in cybersecurity defense and security awareness training. Half of all small- and medium-sized businesses that suffer a cyberattack go out of business within six months. At the very least, your business is going to suffer a period of disruption that can range from being a nuisance to complete shutdown.

What can you do to protect your firm against a cyberattack? Here are five steps to take to become more resilient to cyberattacks.

  1. Gap Assessment – The first thing to do is identify the places and ways a cybercriminal might be able to access your system. An end-to-end review of vulnerabilities, which should include a penetration test, will give you a basis for deciding where you need to shore up your defenses.
  2. Employee Training – With 95% of intrusions being made through individual error, it is essential that you implement a formal training program for all staff members. A training “stack” can help better prepare your people to recognize phishing attempts, spoofed emails, and suspicious attachments. Be sure to include refresher training, as threats are constantly changing and becoming more sophisticated.
  3. Testing – Don’t just assume your systems are secure and employees are following the rules they have learned. Regular vulnerability assessment, penetration testing, and simulated phishing exercises will help identify and close control gaps before attackers are able to exploit them.
  4. Patching – If you are still running an older version of any type of software, you should immediately update to the latest version, which should include patches and security updates.
  5. Layered Security/Defense in Depth – Many companies are still taking an unbalanced approach to defining and implementing their cybersecurity strategy, putting too much confidence in too few security measures, most of which are geared toward preventing cyberattacks. A well-balanced cybersecurity strategy looks beyond simple preventative controls to also consider the organization’s detection and response capabilities. A more comprehensive security strategy generally leads to better investments and an overall improvement in the organization’s security posture.

With odds seemingly stacked in favor of hackers and cyber criminals, it is only a matter of time before your organization falls victim to an attack. But a comprehensive cybersecurity strategy and a well-implemented information security program can help you minimize the impact to your organization and get you back to business quickly.

Nathaniel C. Gravel, CISA, CISM, CRISC is a cybersecurity expert and consultant with Gray, Gray & Gray, LLP.

Copyright © 2022 High-Profile Monthly.