Images courtesy of Perkins+Will
Is Your Practice Cyber-Secure? Lessons from the Zaha Hadid Ransomware Attack
In April, Zaha Hadid Architects was held to ransom by hackers in a cyberattack. Lucy Ingham explores why this is a wake-up call to architecture firms about the importance of strong cybersecurity
Mecanoo's design for Futian Civic Culture Center in Shenzhen, China, features numerous sky gardens | Image courtesy of Mecanoo
At the end of April, Zaha Hadid Architects hit the headlines for an unusual reason: it was the victim of a cyberattack.
According to ZDNet, a hacking group known as Light infiltrated Zaha Hadid Architects’ network, stole a wide selection of files and encrypted the company’s files using ransomware. They then threatened to release the data, which included private emails, bank documents, payroll records and a wide selection of employee details, on the web if the firm chose not to pay the hefty ransom the group demanded.
Zaha Hadid Architects confirmed the breach, notified the relevant authorities and began restoring its files from backups.
"Data protection and privacy is extremely important to us and this is why we regretfully have to announce that on 21 April we experienced a security breach and theft of data in a ransomware attack," a Zaha Hadid Architects spokesperson told Dezeen at the time.
"With all our 348 London-based staff working from home during this pandemic and cybercriminals poised to exploit the situation, we strongly advise the architectural community to be extremely cautious."
It has reportedly opted not to pay the ransom, but it is not clear if the matter has been fully resolved, and the firm has not responded to questions by Design & Build Review on the matter.
However, regardless of whether the firm pays or not, the situation is a wake-up call to the architecture industry, which often does not pay adequate attention to cybersecurity, particularly given the amount of data it holds on employees and clients.
Zaha Hadid ransomware attack “shouldn’t have taken the architecture industry by surprise”
For cybersecurity experts, who see this type of attack enacted on a near-daily basis, the breach was in no way surprising, although the fact that it shocked the architecture industry was.
“Whilst this is a jaw-dropping experience for those involved, it is by no means a one-off. These types of attacks are occurring more and more and it shouldn’t have taken the architecture industry by surprise,” Jake Moore, cybersecurity specialist at ESET, tells Design & Build Review.
“In fact, many hackers don’t even take aim at certain industries, as they send out multiple attempts across multiple sectors to give themselves a better chance of succeeding.”
“ It would be an idle invitation to hackers if firms were to complacently think they weren’t open to attack. ”
Architecture firms big and small are being urged to learn from the incident, and review their cybersecurity efforts to ensure they minimise the risk of an attack and are in a position to restore files if they are hit by ransomware.
“It would be an idle invitation to hackers if firms were to complacently think they weren’t open to attack,” says Moore.
“To innocently think anyone won’t be targeted is an oversight, and I recommend all companies learn from all those impacted previously and note their own vulnerabilities”
Protecting against ransomware and data breaches
Notably, this kind of incident can be immensely damaging, not only in cost but in reputation – and what’s worse, it can be very difficult to prevent and respond to.
“The threat of leaking sensitive data can carry a hefty price tag for businesses,” says Andrea Carcano, co-founder and CPO of Nozomi Networks.
“As attackers typically put the victims under time pressure to pay the ransom, organisations don’t always get the opportunity to evaluate the threat and make an informed decision about which actions to take.
“Even when the extent of the damage can be understood, it still takes time to properly evaluate the consequences of a document being leaked.”
“ Organisations don’t always get the opportunity to evaluate the threat and make an informed decision about which actions to take. ”
Carcano recommends that organisations “put preemptive measures in place to defend against these kinds of threat”, including training employees “on the evolving threat of phishing campaigns” – something that Moore agrees with.
“Ransomware is a problematic attack to mitigate with security tools alone as there is so much human involvement. Due to this, training the workforce is vital and must not be overlooked,” he says.
However, Carcano also advises that employees “report any suspicious activity to the security team as quickly as possible” and that companies “ensure all devices and services are up-to-date”.
Perhaps most important, however, is ensuring your systems can be restored if the worst happens.
“Implement a proper backup policy to ensure updates are made regularly and impacted data can be accessed in a timely manner.”