It’s not a question of if an architecture or engineering firm is going to suffer a cyber attack,” says attorney and cyber security expert David Furr, “it’s a question of when.” Furr, who teaches cyber security at Wake Forest University, recommends that design firms, especially small firms without dedicated IT teams, invest in a managed services suite, including a next-generation firewall, to prevent debilitating cyber attacks.
Why Your Firm May Be at Risk
It may be tempting to think that a small business is immune from cyber attack. After all, attacks on enormous corporations such as Target are the ones that make the news, and with such large, wealthy corporations around, why would a cyber attacker bother with a small or medium-sized firm?
Simply put, any business of any size that does not have proper cyber security measures in place is low-hanging fruit for today’s cunning cyber criminals, and any data that should be confidential, from employee social security numbers to plans to the contents of sealed bids, is potentially valuable.
What a Cyber Attack Looks Like
A cyber attack often looks like business as usual—at first. Malware sits in a computer network gathering data, sometimes for months at a time, until the actual attack is launched. Attackers can use data gathered during this stage to create what security experts call a “shiny pig” email. This is an email that looks legitimate—it may come from a familiar-looking address and even contain personal touches (“hope your daughter is feeling better”) but which, when clicked on, unleashes the attack.
Ransomware is a common form of attack: The firm’s entire network is locked down until a ransom (paid in untraceable digital currency bitcoin) is paid. Firms may feel they have no choice but to pay the ransom, but, according to Furr, paying the ransom marks the firm as an easy target that may be subjected to ongoing digital extortion.
Even if ransomware isn’t used, a cyber attack can do devastating damage. Firms may be held legally liable for any confidential client and employee data stolen from their systems, or they may simply have a large sum of money drained from their bank accounts. Once an attack occurs, undoing the damage means a large cash outlay and disruption of business while the entire network is taken offline and every device attached to it is swept clean. Furr estimates that the average cyber attack costs between $300,000 and $1 Million to resolve. The damage done to a firm’s brand by such an attack may be even more serious.
Hiring a dedicated IT team responsible for cyber security is a good solution for large firms. Smaller shops, though, may prefer to purchase a suite of managed services. These services, including anti-malware and next-generation firewall products, can be purchased for a monthly fee of between $750 and $1,500, and usually include an initial sweep and checkup, which scans the network for malware without disrupting daily business. According to David Furr, “that’s really not a lot of money when you compare it to the cost of hiring an IT department or the cost of putting a cyber attack right after the fact.”
Any unsecured network is an attack waiting to happen, and preventing an attack is ultimately much cheaper and far less disruptive than trying to recover from one. Furr says, “60 percent of small businesses that suffer a cyber attack wind up going out of business as a result.” The right protection can prevent your firm from becoming a statistic.
This article is features in the PSMJ's monthly newsletter, Professional Services Management Journal (PSMJ). In today’s fast-moving information overload world, it seems that there is industry-related content everywhere you look, with some nuggets of advice on how you can be more successful. The trouble is that so much content out there is just re-stating what lots of others may (or may not) be doing without making any distinction as to what the most successful industry-leading A/E/C firms are doing. PSMJ’s carefully-curated content ensures that you are not getting generic filler, hypothetical fluff, or anything but proven battle-tested advice. Check out a free copy available at the link below.
In the PSMJ Blog, we have covered technology and the A/E/C industry from a number of angles. Here is a list of technology-related blog posts: