Quick Question: How worried should we be about cyberattacks?

by Rob McManamy

Make no small cyber-security plans?  Probably good advice, too.

As reported Friday in The New York Times:

The huge cyberattack on JPMorgan Chase that touched more than 83 million households and businesses was one of the most serious computer intrusions into an American corporation. But it could have been much worse.... Also troubling is that about nine other financial institutions — a number that has not been previously reported — were also infiltrated by the same group of overseas (presumably Russian) hackers, according to people briefed on the matter.

The news prompted Burnham Works to ask our friend Paul Doherty, co-founder of the AEC Hackathon, what security lessons, if any, this story holds for our industry. On his way back from a conference in South America, he answered my query swiftly via instant messaging.

"If an AEC firm does not have a security protocol program and system in place by now, they should be shot," said Doherty. "The big issue today is not keeping hackers, etc., out , but keeping data in... Think Snowden."

The reference, of course, is to Edward Snowden, the infamous former U.S. government subcontractor who leaked mountains of classified National Security Agency documents to the press in 2013. He still lives in Russia, where he has been granted temporary asylum.

Bottom line: If there's a tech threat to your company today, chances are more likely that it will come from within than without. Hmm, definitely food for thought. Thanks Paul.