When Colonial Pipeline, the largest refined products pipeline in the United States, experienced a ransomware attack in 2021, the cybercriminals infected the company’s digital systems, shutting them down for several days. The hackers also stole sensitive information from the company, forcing Colonial Pipeline to pay $5 million in ransom so the hackers wouldn’t release the data publicly.
Not only did this ransomware attack paralyze Colonial Pipeline’s operations and cost them millions of dollars, but it also decreased fuel supplies, caused airports to cancel flights and resulted in many Americans panic-buying fuel. The attack was ultimately deemed a national security threat.
Black & McDonald—a Toronto-based engineering company that works on critical military, power and transportation infrastructure—was the victim of a ransomware attack in 2023. The cyberattack threatened Canada’s national security and critical infrastructure because this firm works on military bases, nuclear power plants, airports and with the Toronto Transit Commission.
A cyberattack against British engineering company Morgan Advanced Materials in 2023 resulted in the encryption of the firm’s applications and data storage systems as well as damage to network devices. The cybercrime cost the company £12 million and resulted in a substantial 10% to 15% operating profit loss for the year.
Engineering Companies are Attractive Targets for Hackers
Engineering firms are attractive targets for cybercriminals because they handle valuable intellectual property, proprietary information and sensitive data. Many engineering firms work with critical infrastructure, government entities, military bases, etc., making them particularly appealing to hackers. Attacks on the engineering sector can cause interruptions in business operations, data loss and costly downtime, as well as tremendous financial, legal and reputational damage.
The innovative technologies that engineering companies depend on—including smart devices and project management software—can increase their vulnerabilities, serving as potential points of entry for hackers. Engineering firms should realize that any network vulnerabilities can increase their risk for a potentially devastating cyberbreach and work proactively (and continuously) to improve their cybersecurity.
Reports have shown a 72% increase in cyberattacks since 2021, and attacks against the engineering sector have been damaging and expensive. Cybercrimes will cost companies an astonishing $10.5 trillion by 2025, a 15% year-to-year growth.
Some engineering companies may think they are “too small” to be the target of a cyberattack, but today’s hackers aren’t just focusing on large organizations. Smaller businesses are often ideal targets for cybercriminals because they may lack robust cybersecurity measures, and their network vulnerabilities make them easy to infiltrate. In fact, 43% of cyberattacks target small businesses.
Unique Challenges for Engineering Companies
Engineering firms have some unique challenges—in terms of their operating environments, their systems and the information they handle—that must be addressed in their cybersecurity efforts. For instance, they must be mindful of integrating security measures with their legacy systems. Since outdated systems weren’t designed with modern security standards in mind, it can be complicated, time-consuming and expensive to bolster network security.
Engineering teams must also be aware of rapidly changing technologies as well as the threats they potentially pose. Since engineers frequently use the most cutting-edge technologies to do their jobs, they must ensure that their cybersecurity efforts evolve accordingly to prevent the latest threats.
Additionally, as many employees work remotely—and out in the field—their endpoints (or individual devices) have become more vulnerable. Engineers often collaborate on projects, sharing access to data (and sensitive information) across teams and locations. IT teams must consider these scenarios as they deploy and manage their cybersecurity efforts.
And, while resource constraints aren’t unique to the engineering sector, it’s important to realize that smaller engineering firms might not have the necessary resources when it comes to budget and staff to implement and monitor comprehensive cybersecurity measures. Without the proper security in place, companies become more vulnerable to cyberattacks.
How Engineering Firms Can Prevent Cybercrimes
The most common cybercrimes against engineering companies include ransomware, email fraud, phishing scams and intellectual property theft. Therefore, it’s essential to take every precaution to protect against these threats.
The good news is there are actionable steps that every business can (and should) take to elevate their cybersecurity and reduce their vulnerabilities and risks, including the following:
Train employees. The single most effective way to safeguard a business from cyberattacks is through employee training. Because 85% of breaches involve a human element, prioritize education and awareness-building. Employees often unknowingly allow cybercriminals to infiltrate the company’s network by clicking on malicious links, using weak passwords, falling for phishing scams or sharing sensitive information that can compromise your network. Proper training can help prevent this.
Understand common threats. Employees should understand the most common types of cyberthreats, including phishing, ransomware, malware and social engineering. Employers should provide training that includes real-life scenarios and case studies to illustrate how these attacks happen and how damaging they can be.
For instance, email fraud is a major threat in the engineering sector. Cybercriminals often impersonate third-party vendors and contractors to access private information. They might send emails disguised as invoices, data requests or other legitimate-sounding inquiries.
Hackers also use phishing to gain access to sensitive information, including account information and other confidential data. Cybercriminals have become more creative, sneaky and persistent, and they may ask victims to click links, respond to fraudulent email addresses, download attachments or provide information that will allow them to infiltrate a company’s network.
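The vendor-impersonation pattern described above leaves checkable traces in the message headers. The following is an added example, not part of the original article: a small Python triage check that flags a sender domain closely resembling a known vendor's, a Reply-To that steers answers to a different domain, and an invoice-themed subject on an already suspicious message. The vendor domains, the 0.85 similarity threshold and both sample messages are constructed assumptions.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains of vendors the firm really works with (constructed names).
KNOWN_VENDOR_DOMAINS = ("acme-steel.example", "northgrid-survey.example")
LURE_WORDS = ("invoice", "payment", "remittance")

def domain_of(header_value):
    """Lowercased domain of an address header, or '' when the header is absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def imitated_vendor(domain, threshold=0.85):
    """Known vendor domain that `domain` closely resembles without matching it."""
    if not domain or domain in KNOWN_VENDOR_DOMAINS:
        return None
    for known in KNOWN_VENDOR_DOMAINS:
        if SequenceMatcher(None, domain, known).ratio() >= threshold:
            return known
    return None

def vendor_fraud_flags(raw_message):
    """Return review flags for one raw RFC 5322 message (signals, not a verdict)."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    reply_dom = domain_of(msg["Reply-To"])
    flags = []
    imitated = imitated_vendor(from_dom)
    if imitated:
        flags.append(f"lookalike-domain:{from_dom}~{imitated}")
    # Replies steered to a different domain than the visible sender.
    if reply_dom and reply_dom != from_dom:
        flags.append(f"reply-to-mismatch:{reply_dom}")
    subject = (msg["Subject"] or "").lower()
    if flags and any(word in subject for word in LURE_WORDS):
        flags.append("invoice-lure")
    return flags

# Constructed sample messages: "acrne" uses r+n to imitate the m in "acme".
SPOOFED = ('From: "Acme Steel Billing" <billing@acrne-steel.example>\n'
           "Reply-To: payments@freemail.example\n"
           "Subject: Invoice 4471 overdue\n\nPlease use the new bank details.\n")
LEGIT = ('From: "Acme Steel Billing" <billing@acme-steel.example>\n'
         "Subject: Invoice 4470\n\nAttached as usual.\n")

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(name, vendor_fraud_flags(raw))
```

An invoice subject from the genuine vendor domain raises no flag; the lure check only adds weight to a message that already shows a sender anomaly.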
Look for configuration vulnerabilities. Many companies’ IT pains and vulnerabilities are driven by poor design, so they may need to refresh hardware, cycle out onsite equipment to the cloud and/or identify and fix other vulnerabilities. Additionally, they should keep operating systems, essential software (including antivirus software), web browsers and other applications updated. Software vendors regularly provide patches and updates to improve security, and these should be used. Concerningly, half of internal IT experts aren’t performing regular testing and maintenance, which could leave their organizations vulnerable.
Control physical access and data access. Companies need to prevent access to computers from unauthorized individuals. Laptops and mobile devices are easy targets for theft, so they should be locked up when they’re unattended. Because these devices can get lost or misplaced, employees need to use strong passwords and MFA on their computers, iPads and smartphones. Implement reporting protocols for lost or stolen equipment and ensure that former employees are removed from your IT systems—and that they return all company-issued devices when leaving the organization. Regularly audit data, including files your company is hosting in the cloud. Also, implement role-based access, giving employees access only to the information they need.
Secure endpoints. In traditional office settings, IT departments relied on strong network security measures—including firewalls, intrusion detection systems and secure gateways—to protect sensitive data. Now, as many employees work remotely and out in the field, the endpoint—each employee’s individual device—has become more vulnerable, requiring organizations to shift how their security measures are deployed and managed.
Endpoints are more vulnerable to cyberthreats, including malware, phishing attacks, and ransomware, as employees access company networks remotely, often using less-secure networks.
Cybercriminals target these vulnerable endpoints to access companies’ networks. Implement stringent measures to protect endpoints, including endpoint detection and response (EDR), which provides comprehensive protection against numerous cyberthreats like malware, ransomware and phishing. Additionally, the Zero Trust Security Model requires strict identity verification for every device and user attempting to access network resources, minimizing the risk of unauthorized access.
Multi-factor authentication (MFA) adds an extra layer of security, requiring users to provide multiple forms of verification before accessing sensitive data. Encrypting data ensures that even if a device is compromised, data remains inaccessible without the appropriate decryption keys, protecting sensitive information on mobile devices that can be lost or stolen.
Create incident response protocols. Cyberattacks can happen to any business at any time, so a response plan should be in place that explains exactly what employees should do if they suspect a data breach, including how to mitigate the impact. The plan should include procedures for notifying colleagues, customers, authorities and other key stakeholders. It should also designate an internal media spokesperson to handle press inquiries about the incident. Regularly conduct cyber resilience reviews and vulnerability scans to test operational resilience, identify potential vulnerabilities and assess an organization’s cybersecurity protocols.
Beware of AI, ML and IoT threats. As technology evolves, so does cybercrime. Today’s cybercriminals are using innovations like artificial intelligence (AI) and machine learning (ML) to accelerate and automate cyberattacks, complete more complex phishing attacks, including identity theft, and identify vulnerabilities in companies’ networks. As AI and ML technologies continue to improve, their roles in cybercrimes will likely expand, as well.
Many hackers rely heavily on social engineering, using technologies like AI to complete their cybercrimes. And since the Internet of Things (IoT) provides a huge attack surface, it allows cybercriminals to more easily steal credentials and other sensitive data (e.g., personal and financial information) by accessing unprotected or poorly protected devices.
Prohibit shadow IT. Educate employees about shadow IT—the unsanctioned use of software, hardware or other systems within an organization without the knowledge and permission of the company’s IT department—and prohibit the practice. It’s risky to use systems that are unknown to the IT team because they’re not protected by the organization’s security protocols. That means the systems could contain serious vulnerabilities—such as default passwords or misconfigurations—that could exponentially increase a company’s vulnerabilities and security risks. Increasingly, hackers are looking to exploit these system vulnerabilities to get into company networks.
Know that hackers could use multiple types of attacks simultaneously. Determined hackers combine multiple types of threats—including malware, ransomware and distributed denial of service (DDoS) attacks—simultaneously to attack companies’ networks. For example, a ransomware attack may start with a phishing email and then escalate, deploying malware that encrypts data. Cybercriminals are getting bolder and more creative, using the first phishing hack as a “distraction” before using another tactic like malware to reach their ransomware goals.
Protect the cloud. As many organizations rely on the cloud, it’s important to implement robust security measures for cloud-based data storage and operations. While cloud providers typically apply strong security protocols, companies may be exposed to vulnerabilities due to employee errors, malicious software and/or phishing attacks. Be sure to continuously monitor cloud-based systems, identify and remediate any vulnerabilities, mitigate risks and safeguard data stored in the cloud.
Know that cybersecurity is an ongoing process, not a one-time fix. Cyberthreats are emerging rapidly, exposing new vulnerabilities and attack vectors, so continuously update security protocols, monitor unusual activities and adapt to new threats. It’s not enough to simply install antivirus software or a firewall. Proper cybersecurity requires constant vigilance and proactive measures.
Engineering firms must overcome their cybersecurity challenges, be mindful of evolving technologies and threats, and take every precaution to protect their businesses, customers, employees and data. Because engineering businesses work with intellectual property, proprietary information and sensitive data, they’re an appealing target for hackers. Strengthen your cybersecurity to avoid the potentially significant operational, financial and reputational damage that can result from a cyberattack.