Why Your Team Needs Cybersecurity Knowledge, Skills, and AbilitiesMay 24, 2021 | By Wayne O'Neill
Cybersecurity is a growing concern in the AEC industry. It’s a significant business and political issue that construction and design firms need to align with to support project scope delivery for their clients.
Since the pandemic, cyberattackers have escalated their attempts to exploit network vulnerabilities. They’re looking to access documents, designs, drawings, and other intellectual property that they can turn into money. They either want payment (a ransom) for the return of the information, or they want to sell this information to the highest bidder on the dark web.
To the bad actors, they see this as a business. To your firm, you need to see this as a real threat that requires vigilance, education, and training. It’s absolutely critical for your team to develop knowledge, skills, and abilities around cybersecurity to ensure that your firm does its part to protect sensitive information when supporting your clients through project scope delivery.
Your People Are Your Greatest Cybersecurity Threat
The wake-up call for business leaders is the need to educate employees on how to better use technology without exposing their organization to risk. This is because bad actors are going after your people, especially in this pandemic era of people working remotely.
Adversaries are looking to launch phishing campaigns against employees through fake emails, social posts, and website links to steal credentials and gain access to your network and data. They’ll even use your people’s personal information to launch highly-targeted spear phishing campaigns.
The thinking from the hackers’ point of view is that people are not privy to their schemes, they’re not educated about their schemes, and they have been lulled into a false sense of security using technology.
Unfortunately, the majority of employees in the workforce are ill-equipped to respond to a cybersecurity event. According to a recent survey by Kenna Security, 61% of surveyed employees failed a basic cybersecurity quiz.
The surveyors found that the majority of employees who participated in the study could not properly recognize a cybersecurity threat and make the appropriate decision about how to respond without exposing themselves or their company to risk.
It’s a big deal for every industry, and it’s a big deal for construction and design firms who need to protect sensitive project information. So, what’s the solution to help develop your employees’ knowledge, skills, and abilities around cybersecurity? Be proactive by providing training.
Train Your Employees to Become Cyber Aware
What often happens is that companies start to care about cybersecurity after they’ve experienced an event. There’s been a breach, a hack, a ransomware attack, a system shutdown, or some other malicious activity. Then, after recovering from the event, that’s when companies decide to provide training to employees.
The reactive way of approaching cybersecurity is a thing of the past. Firms need to get out ahead of the issue of cybersecurity by providing training now, not waiting for an event to occur. Consider these ways to start training your people now on how to be more prepared to identify, respond, and thwart a cyber attack:
- Provide education to your team on the most common types of cyber attacks.
- Bring in an IT expert to explain to your employees what to look out for.
- Schedule tabletop exercises running through various scenarios.
- Create a plan for how employees should respond to something suspicious.
- Introduce a communication outlet for employees to self-report suspicious activity.
Educate. Train. Inform. And then, continue to keep your employees informed about the latest cyber attacks and schemes. Above all else, remain vigilant!
RESET can help in this area. Through our Cyber Range Concierge service, we are actively involved in helping firms become more resilient through access to cybersecurity tools and talent. We focus on helping companies develop the skills, framework, resilience, and culture that are necessary for this era of cyberwarfare. Here’s how we help deliver digital dexterity:
- Develop cybersecurity team skill sets.
- Proactively incorporate staffing framework.
- Reduce corporate risks and increase resilience.
- Activate a cybersecurity culture throughout the organization.
We invite you to contact us today to learn more about how we can support your firm. Now is the time to act so that you can align with the growing industry need to use technology safely when collaborating with clients.