Cybersecurity Strengthening for Leading Architecture Firm
Leading architecture firm strengthened its cybersecurity defense, reduced vulnerabilities, and established a stronger organizational security framework.
Stambaugh Ness (SN), a leading provider of cybersecurity and IT services for the architectural and engineering (AE) industry, was engaged by an award-winning architectural firm with 150 employees and multiple offices serving clients nationally and internationally. The firm had recently experienced a ransomware attack, prompting the need for a comprehensive assessment of its information technology services and cybersecurity infrastructure.
Framework and Methodology
SN utilizes the 18 critical security controls established by the Center for Internet Security (CIS) as a primary reference framework for this assessment. These controls are actions that organizations can take to improve their overall security posture and effectively mitigate the most frequent cyberattacks on systems and networks. Additionally, SN assessed the firm’s systems and processes against industry-leading information technology practices tailored for AE firms. The results of the assessment formed the basis for SN’s recommendations.
Scope of Work
SN meticulously analyzed the firm’s processes, technologies, and security controls. The assessment focused on evaluating the security posture and involved a review of existing security controls, identification of gaps, and prioritized recommendations to enhance the firm’s information security hygiene.
The cyber risk assessment revealed notable vulnerabilities in the client’s cybersecurity infrastructure and practices. Regarding Account Management, current procedures allowed for the existence of overprivileged accounts, lacked access controls and effective user accounting monitoring, and were not maintaining robust password policies. Another critical area that required attention was Security Awareness and Skills Training; the assessment highlighted that employees were inadequately educated in recognizing and responding to potential threats, lacking a formal program focused on human risk management.
In addition, Data Protection emerged as a concern, with identified gaps with respect to data encryption, data classification, and data retention. The firm’s Incident Response Management lacked a robust plan, which hindered its ability to manage and recover from security incidents effectively.
“Initially, the project seemed very daunting to us, but Matt’s personable nature and extensive knowledge allowed us to move forward with attainable tasks and goals.”
Recommendations & Results
By partnering with SN and following the provided recommendations, the architecture firm gained valuable insights into its cybersecurity vulnerabilities and were provided a clear roadmap for improvement.
- Improved Cybersecurity Defense – The firm was better equipped to defend against various cyber threats, reducing the risk of future ransomware attacks.
- Optimized IT Systems – The concurrent IT assessment allowed the firm to streamline and optimize its IT systems, enhancing scalability and cost-efficiency while reducing cybersecurity risks through improved governance and cybersecurity practices.
- Prioritized Project Plan – A project roadmap was developed, helping the firm prioritize and executive initiatives to bridge the identified gaps effectively.
The architecture firm and SN collaboration enabled the client to strengthen its cybersecurity defenses, reduce vulnerabilities, and build a stronger organizational framework. By adopting best practices and enhancing security measures, the firm is now better prepared to safeguard its sensitive data, serve clients confidently, and successfully navigate the evolving landscape of cybersecurity threats.