Client Portal
Contact
About | Success Stories | Cybersecurity Defense Strengthened for Engineering Firm

Cybersecurity Defense Strengthened for Engineering Firm

Cyber Risk Assessment Optimizes IT Systems and Enhances Scalability

A multi-office civil engineering firm with over 250 employees engaged Stambaugh Ness to conduct a cybersecurity risk assessment. The primary objective was to evaluate the firm’s security posture, identify vulnerabilities, and provide recommendations to enhance overall cyber threat protection. Additionally, they required a review of their current business continuity and disaster recovery (BC/DR) solution to ensure optimization and confirm sufficient security controls for remotely stored backup data.

Solutions & Impact

Stambaugh Ness utilized the Center for Internet Security (CIS) 18 Critical Security Controls as a primary framework, assessing the firm’s systems and processes against industry-leading practices tailored for AEC firms. Our in-depth analysis of the firm’s processes, technologies, security controls, and current BC/DR solutions uncovered several critical gaps and provided targeted recommendations, significantly improving their security posture.

  • Improved Access Control Management: Inadequate practices that raised the risk of unauthorized access to sensitive data and systems were identified and addressed.
  • Robust Audit Log Management: Solutions were provided for the absence of a comprehensive system, making it easier to view, track, analyze, and correlate suspicious activities.
  • Enhanced Inventory & Control of Enterprise Hardware Assets: Weaknesses from a lack of a comprehensive inventory were addressed, mitigating potential security breaches from unauthorized or unmanaged hardware.
  • Optimized Network Monitoring & Defense: Practices were brought into alignment with best practices, reducing the risk of unauthorized users and potential data breaches.
  • Prioritized Project Plan: A project roadmap was developed, helping the firm prioritize and execute initiatives to bridge identified gaps effectively.
  • Developed Incident Response Readiness: A comprehensive incident response plan was created, empowering the client to respond quickly and effectively to security incidents, minimizing potential harm and data breaches.

This collaboration between the engineering firm and Stambaugh Ness fortified the organization’s cybersecurity defenses, making it better prepared to navigate the complex landscape of cybersecurity threats while maintaining data security.

Testimonial

“When instances arose where we were not familiar with something, [SN] was able to clearly explain it to us and offer valuable suggestions.” 

Technology Solutions, IT Compliance & Cybersecurity