Blueprint for Disaster: Cyber Criminals’ Plans Include Architecture and Engineering (A&E) Firms

When one conjures the image of a cybercriminal, it is often a mysterious villain hunched over a computer situated in the bowels of some darkened lair. And if one were to envision their next target, it would undoubtedly be some database overflowing with credit card numbers or protected health information. However, intellectual property such as blueprints and schematics are also high on any hacker’s wish list. What better way to bypass the laborious process of designing a new construction project than to simply poach the plans from an architecture firm? If the goal is to identify vulnerabilities in a product, a sure fire shortcut is to possess an engineering firm’s top secret schematics that detail every aspect. Here are but a few recent examples of these nefarious tactics:

• In December 2019, a major computer chip manufacturer unearthed online postings of hacked engineering documentation related to their graphics processing unit schematics
• In March 2020, a Swedish security company had thousands of documents stolen, including blueprints of bank vaults, alarm equipment, and ATM security functions
• In August 2020, cybercriminals compromised the systems belonging to an architecture firm involved in luxury real-estate projects worth billions of US dollars

Because highly valuable intellectual property is the currency of A&E firms, cybercriminals will continue to lurk in the shadows, vigilantly searching for the next unpatched server or unsuspecting user willing to click on a spear phishing email. Some A&E firms may not possess the resources needed to identify and combat these threats. Thankfully, Citrin Cooperman offers a wide array of cybersecurity services to supplement your IT resources to help keep your business safe and secure, including: 

• Cybersecurity Assessments
  • Citrin Cooperman provides an array of cybersecurity assessments to help a business understand the impact of a breach, identify the most critical systems and data, understand how to protect those key systems and data, recognize and prioritize gaps, and build a roadmap to a safer and more secure environment.
• Security Awareness Training and Spear Phishing Simulations
  • Since the genesis of over 90% of data breaches is a spear phishing attack, it is imperative to train employees to identify and avoid this threat. Citrin Cooperman can provide your business with the training and simulations needed to avoid the scourge of spear phishing.
• Compliance
  • Whether a company stores driver’s license numbers, credit card data, Social Security numbers, or other sensitive information, Citrin Cooperman can help identify what regulations apply and how to efficiently and cost effectively meet the necessary requirements.
• Penetration Testing
  • All it takes is one unpatched or misconfigured server to allow cybercriminals into your business. Citrin Cooperman’s vulnerability management team can act as a “simulated bad guy” by conducting internal and external penetration testing to identify any vulnerabilities. A prioritized strategic plan to address any findings will be provided to help your business fortify its defenses against an actual attack. 

With the ever-evolving surge of cybersecurity threats, Citrin Cooperman can help your business stay safe from cyberattacks and avoid becoming that next data breach headline.

For more information, please contact Kevin Ricci at kricci@citrincooperman.com.