In this episode, we talk to Tom Kirkham, the founder, and CEO of IronTech Security, about the importance of protecting AEC firms from cyberattacks with cybersecurity. Tom also explain what engineering firms can do right away when they experience a security breach.
***You can view the video version of this episode here.***
Engineering Quotes:
Here Are Some of the Questions I Ask Tom:
- How vulnerable are AEC firms to cyberattacks?
- What can individual employees do to help protect their firms against these types of attacks?
- How do you see artificial intelligence affecting the cybersecurity space?
- Could you talk about the return on investment that a firm is going to see by taking a preventative approach to cybersecurity?
- What should an AEC firm be doing if they don’t have preventative maintenance or a system in place and they get hacked?
- Could you give our listeners and viewers a sneak peek into why you wrote these books and what they’re all about?
- What advice would you like to share with the audience today, taking into consideration all the topics we’ve discussed?
Here Are Some Key Points Discussed in This Episode About Safeguarding AEC Firms:
- Cybersecurity threats are a big concern for those dealing with critical infrastructure and intellectual property. Criminal hackers and nation-states pose a significant risk, with the former motivated by money and the latter by differing objectives. The scale of cyberattacks is vast and automated, with thousands of attacks happening daily. It’s crucial to understand the big picture and take necessary steps to protect against these threats.
- Ninety-five percent of successful attacks on firms involve human error, with employees being fooled into opening file attachments through psychological manipulation and social engineering. Automated phishing attacks are widespread, and even the most experienced information security professionals are not immune. Attackers use sophisticated techniques with perfect grammar and graphics to target specific employees and pose a threat to the entire company.
- The advent of artificial intelligence (AI) will refine psychological manipulation techniques used in automated phishing attacks, increasing the risk profile for everyone. Even small firms may become victims of highly personalized, large-scale hacking systems. Human failure remains the weakest link, as 95% of successful attacks involve a human error in falling for phishing scams.
- Investing in proactive security protection is four to five times cheaper than responding to a security anomaly. A good security company can provide reports on threats stopped, threat actors, and the technology used. Having a security team can help protect against malicious attacks and assist in identifying and preventing them. Businesses are adopting a culture of contacting security teams for any suspicious activity.
- If you experience a cyberattack, the scale of the impact will depend on your organization’s size and reputation. Incident response teams specialize in negotiating ransom and managing the fallout from an attack. Engaging a defense team beforehand can prevent successful attacks. It’s critical to have a team monitoring and responding to intrusions, and not to underestimate the seriousness of the cyberthreat.
- The books are targeted toward business managers, owners, and high net worth individuals. The first book, “Cyber Pandemic Survival Guide,” offers practical advice on reducing the risk of being hacked in the event of a cyber crisis. The second book, “Hacked the Rich,” provides techniques for individuals to protect themselves from cyberthreats. Both books have an entertaining fictional story and are easy to read, taking about an hour-and-a-half to complete.
- Take cybersecurity seriously by doing a risk analysis that follows international standards, identifying weaknesses and vulnerabilities, and committing to proper protection. Security should be a top priority and embedded in company culture, but you should not rely solely on external cybersecurity consultants. Always remember that ransomware attacks are common and can happen to anyone, not just major corporations.
More Details in This Episode…
About the Guest, Tom Kirkham
Tom Kirkham, founder and CEO of IronTech Security, provides cybersecurity defense systems and focuses on educating and encouraging organizations to establish a security-first environment with cybersecurity training programs for all workers to prevent successful attacks. Kirkham brings more than three decades of software design, network administration, computer security, and cybersecurity knowledge to organizations around the country.
About the Host: Nick Heim, P.E.
Nick is a field and VDC engineer at StructureCare, owner of Green House Property Management, and the host of the AEC Engineering and Technology Podcast. Nick’s interests lie at the intersection between the built world and technology, and he can be found looking for the ever-changing answer to the question, “How can we do this better?” He can be found on LinkedIn, producing content about the use of technologies in his civil engineering career and small business.
Books Mentioned in This Episode:
The Cyber Pandemic Survival Guide
Sources/References:
IronTech Security
Tom Kirkham’s Website
TECC 273: How Engineering Firms Can Secure Their Businesses Against Ransomware Attacks
Connect with Tom Kirkham on LinkedIn
This Episode Is Brought to You by Deltek
Better software means better projects. Deltek is the leading global provider of enterprise software and information solutions for project-based businesses. More than 30,000 organizations and millions of users in over 80 countries around the world rely on Deltek for superior levels of project intelligence, management, and collaboration. Our industry-focused expertise powers project success by helping firms achieve performance that maximizes productivity and revenue. Visit deltek.com to learn more.
We would love to hear any questions you might have or stories you can share on cybersecurity, responding to breaches, and safeguarding AEC firms.
Please leave your comments, feedback, or questions in the section below.