Cyber Security for Architecture & Design Studios: The Threat Is Real

Many architectural firms are tempted into believing they’re safe from cyberattacks because they don’t consider their data to be “sensitive” enough to attract criminals. Cybercriminals are sophisticated, deliberate, and efficient in how they monetize their efforts. If you use the internet for any reason – even if just for basics such as email, submitting invoices, or sharing designs–you are at risk–and cyber risk is a problem for every professional design firm.

A risk report published by the AIA Trust (The American Institute of Architects) is filled with real case studies and highlights how very attractive architecture and design firms are to cybercriminals, the most successful attack vectors currently in use, and the potential regulatory and reputational impact in the event of a data privacy violation. A defensible cyber security strategy provides a framework to create a safer, more cyber resilient organization. But in the event of an incident or breach, it also helps you develop a validated, auditable narrative to reply to the question:

“How does your designs srtudio manage Cyber Security risk?”

The report gives an overview of recent trends in cyber risk for any firm that might be harboring a false sense of security that it is at low risk for an attack. These risks include a business email compromise, a major threat that can affect anyone with an email account, and a ransomware attack for which every business is a target, particularly those with lax security.

Importantly, the report discusses security measures that all firms should consider, starting with the five pillars of defensible cyber security which include governance, policies and procedures, infrastructure and standards, and people and training. Specific practices are prioritized for firms to more effectively protect their data and their bottom line.

The report clarifies that an architectural firm is as likely a target for cyber-attackers as any enterprise in any business sector – your data is valuable and may even be used as a springboard into a client’s environment. Ultimately, gaining a better understanding of the risks you face along with a greater insight into how to defend and protect what you work for, is an ongoing goal.

The statistics are staggering, especially since business workflows and assets have largely gone digital. Architects and builders have welcomed significant shifts in their digital workflow with cloud-based BIM software for remote project coordination, internet file hosting for global accessibility, and virtual workspaces for team communication. And the end results—the buildings themselves—are slowly but increasingly connected to the Internet of Things (IoT) networks, with building management systems storing user information on everything from HVAC usage to lighting preferences.

Consider the following hypothetical scenarios: a hacker targeting an architecture firm could expose sensitive data about a client’s confidential business operations; a data breach at Dropbox could expose any one of the?1.5 billion DWG (drawing) files?currently stored on the platform, and a cyberattack focused on a building control system in a hospital or airport could put the safety of its occupants at risk. These situations are certainly on the minds of technology leaders at any architecture firm doing government, infrastructure, defense, or corporate work.

Software companies like Autodesk too are also taking steps to protect their users. According to?Autodesk’s product security website, the company regularly performs third-party audits on its platforms to ensure compliance with industry best practices and standards.

As buildings and communities increasingly become interconnected, architects are in the unique position to manage and utilize collected data once blockchain technology becomes accessible.

Want to more about Cyber Security Tools and Solutions for Architecture & Design Firms? Write to me in the comments, and I shall write my next articles on leading cyber security solutions in India.