IT Focus: Cyber Security as a Managed Service

PSMJ Resources, Inc.
Posted on: 05/22/17
Written by: PSMJ Resources, Inc.
Topics: Technology

cyber security(3).jpgIt’s not a question of if an architecture or engineering firm is going to suffer a cyber attack,” says attorney and cyber security expert David Furr, “it’s a question of when.” Furr, who teaches cyber security at Wake Forest University, recommends that design firms, especially small firms without dedicated IT teams, invest in a managed services suite, including a next-generation firewall, to prevent debilitating cyber attacks.

Why Your Firm May Be at Risk

It may be tempting to think that a small business is immune from cyber attack. After all, attacks on enormous corporations such as Target are the ones that make the news, and with such large, wealthy corporations around, why would a cyber attacker bother with a small or medium-sized firm?

Simply put, any business of any size that does not have proper cyber security measures in place is low-hanging fruit for today’s cunning cyber criminals, and any data that should be confidential, from employee social security numbers to plans to the contents of sealed bids, is potentially valuable. 

What a Cyber Attack Looks Like

A cyber attack often looks like business as usual—at first. Malware sits in a computer network gathering data, sometimes for months at a time, until the actual attack is launched. Attackers can use data gathered during this stage to create what security experts call a “shiny pig” email. This is an email that looks legitimate—it may come from a familiar-looking address and even contain personal touches (“hope your daughter is feeling better”) but which, when clicked on, unleashes the attack.

Ransomware is a common form of attack: The firm’s entire network is locked down until a ransom (paid in untraceable digital currency bitcoin) is paid. Firms may feel they have no choice but to pay the ransom, but, according to Furr, paying the ransom marks the firm as an easy target that may be subjected to ongoing digital extortion.

Even if ransomware isn’t used, a cyber attack can do devastating damage. Firms may be held legally liable for any confidential client and employee data stolen from their systems, or they may simply have a large sum of money drained from their bank accounts. Once an attack occurs, undoing the damage means a large cash outlay and disruption of business while the entire network is taken offline and every device attached to it is swept clean. Furr estimates that the average cyber attack costs between $300,000 and $1 Million to resolve. The damage done to a firm’s brand by such an attack may be even more serious.

Managed Services

Hiring a dedicated IT team responsible for cyber security is a good solution for large firms. Smaller shops, though, may prefer to purchase a suite of managed services. These services, including anti-malware and next-generation firewall products, can be purchased for a monthly fee of between $750 and $1,500, and usually include an initial sweep and checkup, which scans the network for malware without disrupting daily business. According to David Furr, “that’s really not a lot of money when you compare it to the cost of hiring an IT department or the cost of putting a cyber attack right after the fact.”

Any unsecured network is an attack waiting to happen, and preventing an attack is ultimately much cheaper and far less disruptive than trying to recover from one. Furr says, “60 percent of small businesses that suffer a cyber attack wind up going out of business as a result.” The right protection can prevent your firm from becoming a statistic.

This article is features in the PSMJ's monthly newsletter, Professional Services Management Journal (PSMJ). In today’s fast-moving information overload world, it seems that there is industry-related content everywhere you look, with some nuggets of advice on how you can be more successful. The trouble is that so much content out there is just re-stating what lots of others may (or may not) be doing without making any distinction as to what the most successful industry-leading A/E/C firms are doing. PSMJ’s carefully-curated content ensures that you are not getting generic filler, hypothetical fluff, or anything but proven battle-tested advice. Check out a free copy available at the link below.

PSMJ-Newsletter-2.jpg

Join PSMJ Today!

 

In the PSMJ Blog, we have covered technology and the A/E/C industry from a number of angles. Here is a list of technology-related blog posts:

The New Technology that will Transform the A/E Industry

Where 3D Printing Plays in the A/E/C Arena

10 Tips for Effective Project Management with BIM

5 Common Technology Mistakes Made by A/E Firm Leaders

Mastering Technology for Firm Success

Driverless Cars Will Change How You Run Your Business

SUBSCRIBE TO BLOG:
November 14, 2024

Tips for Establishing a Technology Council and Get Your Firm’s Technology Act Together.

PSMJ Senior Consultant Brian Burnett says that Deltek’s most recent Clarity: Architecture & Engineering Firm Study vindicates the position that AEC firms need to focus more on..

Read More
November 11, 2024

Unpacking The Post-Election Impact for AEC Firms

After the larger-than-expected Republican election victory, let’s step back and look at what it means for the U.S. AEC industry. The three biggest drivers for our industry are (1)..

Read More
November 7, 2024

PSMJ16 vs. SPY

How is the A/E/C industry doing compared to the overall economy, and how can you apply stock price trends of publicly traded companies to making better strategic decisions for..

Read More