All industries have undergone a period of digital transformation over the past two decades. The advancement of technology has had a myriad of benefits for businesses, including increased profitability, productivity and some technologies have completely changed the way business’s function. The construction industry now relies on technology more than ever, as new technologies are used for everything from logistics to building information modelling. With this rapid adoption of technology, some construction companies have not sufficiently secured their IT systems, and cybercriminals have taken advantage of this, with many high-profile cyberattacks on the construction industry over the past 5 years. In this article we will discuss the key cybersecurity challenges within the construction industry, the growing cyberthreats, what’s at risk and how businesses can stay safe.
Key Cybersecurity Challenges
Within the construction industry, workers often work in multiple locations on projects. As these locations are temporary, this can pose a significant security risk. This includes the physical security of the building containing hardware, as well as the network security of the job site. If the temporary network can connect to a wider company network, cybercriminals can use this to carry out large scale attack.
Whilst working on a construction project there are many stakeholders that have access to data. This includes architects, site managers, project managers and workers. If access to data is poorly managed, this can allow these stakeholders to access more sensitive files than necessary, increasing the risk of an insider attack.
High Employee Turnover
The construction industry has a higher staff turnover than most other industries, and often projects will include various subcontractors. This high turnover often results in workers lacking sufficient cybersecurity awareness training. This lack of training increases the success rate of a cyberattack.
The Growing Threats
Between August 2020 and August 2021, ransomware attacks have increased by 64% year on year. These attacks are a form of malware that encrypts all data on a system and the malware can often move across a network, encrypting all devices within a company. The attacker then demands a ransom payment to decrypt the files. These attacks have been plaguing all industries, including the construction industry, and have shut down thousands of businesses for prolonged periods of time.
The most common form of cybersecurity incidents are phishing attacks. These attacks are typically carried out via email and involve the cybercriminal trying to deceive the victim into opening a malicious link or giving out sensitive information. Although the majority of phishing attacks use email as an attack vector, some cybercriminals will also use SMS, voice calls or even social media to launch an attack.
A data breach occurs when a cybercriminal gains access to sensitive company information from within their system. This may include stealing employee information, the company’s intellectual property, material prices or bank records.
What’s at Risk
Falling victim to a cyberattack hurts a business in many ways. Firstly, there are often significant costs involved in recovering from an attack. For a ransomware attack, these costs may include paying the ransom, or paying a cybersecurity professional to attempt to decrypt the data, along with the cost of the downtime whilst the IT systems are not functional. For a data breach there are costs involved with forensics and potential fines for breached customer data.
Another worrying consequence of a cyberattack is the potential reputation damage and loss of customers. Especially after a data breach, customers and vendors may think poorly of the company, hurting their brand and decreasing the chance of future work with customers.
How to Keep your Business Safe
All businesses in the construction industry need to invest in cybersecurity in order to safeguard their assets, reputation and growth of their business. There are simple steps that businesses can take to reduce the chance of a cyberattack, such as enabling multi-factor authentication, implementing a BYOD policy and providing sufficient cybersecurity awareness training for employees.
In order to reduce downtime after a ransomware attempt, business can rely on Acronis Cyber Protect. Acronis Cyber Protect uses AI-based behavioural detection, and in the case of a ransomware attack, it will automatically remove the ransomware and revert the file to a backup to limit downtime and stop further spread of the malware. Businesses can select how often backups are run, and what data should be backed up. This flexibility allows businesses to tailor backups to suit their specific needs.
If you want to find out more on how to safeguard your business against cyberattacks, get in contact with us today.