Simple IT Strategies to Keep Cyberattacks at Bay

A recent study shows that the construction industry suffers significantly more security breaches than other industries.
By Sumir Karayi
October 24, 2019

It’s in the news too often: cyberattacks shut down yet another company. And, while the attacks seem random and sporadic, the truth is the construction industry is one of the hardest hit.

According to a recent study, Getting Your House in Order, 82% of construction firms have suffered at least one serious breach in the last two years—well above the 61% average across all industries. With the average cost to recover from a cyber incident now at $3.86 million, the stakes are incredibly high, with most of the damage in the form of downtime and lost productivity. Given the inherent risks of weather delays and liquidated damages that can put projects behind schedule and over budget, the last thing a contractor needs is an IT problem slowing progress.

Considering the risk and what’s at stake, it’s surprising that many in the industry don’t make IT security a priority. Some 87% of firms say they are more concerned with “keeping the lights on”—i.e., maintaining device and system availability—than they are with security. Yet, 90% say they need to invest more in cybersecurity in order to protect the organization from attack.

Spending more on security software is not a sufficient solution. Most of these tools focus on detecting viruses and malicious files, which are becoming increasingly rare. The majority of modern attacks exploit known vulnerabilities in endpoints—unpatched flaws in the operating system or software on laptops or mobile devices that function like back doors—that allow hackers to gain access to the network. In fact, nearly 60% of organizations that suffered an attack admit the culprit was a known vulnerability which they could have, but had not yet patched.

In other words: they had the fix but failed to apply it—and they’re not alone. The average delay in applying endpoint software patches is 102 days, which gives hackers plenty of time to infiltrate the network, deploy ransomware or siphon off system resources to distribute more of their malicious code.

So, if more security software isn’t the answer, what is? Here are five simple strategies that can help protect any contractor from devastating cyberattacks:

  1. Don’t rely on isolation. Many companies will separate each project’s resources onto isolated domains on their network, under the guise of protecting each project from a breach on another. They spend an exorbitant amount of time managing directory domains, ports, firewalls, etc. but there’s no standardized solution for identifying and managing all of the endpoints and connections to these network resources. In fact, all of those directories may actually increase the vulnerability landscape, rather than shrink it.
  2. Gain visibility and control over endpoints. Construction IT teams state that they have control over just 52% of their endpoints—the fewest of any industry. This lack of control means IT has no idea what version of the OS, patches, drivers or software are installed, and worse yet, end users may have free reign to install whatever they choose. Implementing an endpoint device management solution can give visibility and control and help ensure users aren’t left to their own devices when it comes to software updates and installation.
  3. Get a handle on remote devices. By its very nature, construction work is remote work. Engineers, project managers and superintendents are constantly in the field, toting their devices along with them. That makes it tough for IT to maintain control, to know what devices need patching and apply the fix. As a result, 85% of construction IT teams say they struggle to secure remote devices. An endpoint device management solution that allows IT to query devices, see system status and maintain those machines is a vital tool in keeping remote devices working properly and securely.
  4. Migrate to Windows 10. Once again, construction ranks the lowest when it comes to Windows 10 migration with just 66% of devices updated. Recognized to be the most secure OS on the market, with regular, built-in patching to keep it that way, Windows 10 is a must for any firm that makes IT security a priority. Of course, deploying that migration across remote devices is a huge task. Automated endpoint device management solutions can help by enabling remote migration, scheduling migration tasks during off-hours and ensuring those tasks happen in the required order.
  5. Patch. Construction leads the call for greater investment in software patching with 72% of firms citing it as a priority. Remote work, distributed devices and irregular connectivity can make applying patches a huge, overwhelming chore. With an automated endpoint management solution that leverages lightweight protocols, single-packet architecture and scheduling capabilities, deploying those patches becomes a simpler, streamlined and automated process. Patch deployment is optimized automatically based on network bandwidth, known usage patterns and device configuration.

While all of these seem do-able, none of them will work without first getting IT security and operations on the same page. Compared to others, the construction industry is the most prone to misalignment, with 44% reporting issues getting security and operations to work together.

But, unless both teams are working toward the same goals, and using the same tools and metrics, securing the firm will forever be a blame game.

Both sides must start by understanding the business value of security: preventing downtime, project delays and potential loss of business. With that foundation, both can recognize the importance of routine endpoint management. And, with the right tools, the two can work together to eliminate the chore of performing these tasks. The result is a more cohesive, effective and efficient approach to protecting the firm.

by Sumir Karayi
Sumir Karayi founded 1E, an endpoint management and security company, in 1997 with the goal to drive down the cost of IT for organizations of all sizes. Under Sumir’s leadership, 1E has become a successful global organization with offices in New York, Ireland, Australia and Delhi. 1E is also a trusted partner, with 26 million licenses deployed across more than 1,700 organizations in 42 countries worldwide. Sumir is a passionate believer in philanthropy, supporting the Manav Mandir Ashram Orphanage and the Innocent World Charitable Society in India. He’s also a founder member of the Alliance to Save Energy and supporter of the Climate Savers Computing Initiative. 1E in turn is an active, contributing member of the Green Grid as well as a member of the Green IT Council Advisory Board.

Related stories

Is the Construction Industry Actually a Technology Hotbed? Cover Art

Is the Construction Industry Actually a Technology Hotbed?

By Andrew Silver
The construction industry being slow to adopt tech and stuck in its analog ways is a misleading trope. In fact, many companies may be further ahead of the technology curve than people perceive.
History Repeating Cover Art

History Repeating

By Grace Calengor
Trimble used its scanning and data-sharing technology to bring the ancient Library of Celsus back to life in the virtual world.
The Benefits of Incorporating Smart Helmets Into Your Safety Plan Cover Art

The Benefits of Incorporating Smart Helmets Into Your Safety Plan

By Bart Wilder
Sometimes, introducing new technology at your construction company is as simple as strapping on a new helmet. But that simplicity can be lifesaving thanks to today's smart helmet technology.

Follow us

Subscribe to Our Newsletter

Stay in the know with the latest industry news, technology and our weekly features. Get early access to any CE events and webinars.