Cybersecurity attacks are making headlines these days, and the construction industry is not immune. For some construction companies, recent ransomware attacks have led to the loss of confidential data or a systems shutdown. Cyberattacks can take many forms, and as they adopt more technological solutions, construction companies need to prepare to defend themselves.
From project, team and customer relationship software to drones and autonomous construction machinery, the construction industry technology has replaced paper documents such as project drawings, purchase orders, field directives and time cards. A company’s major assets are no longer just materials and equipment, but also technology devices that provide critical services and often represent significant investments.
Recent news examples of cyberattacks in the construction industry include ransomware attacks on Bird Construction in December 2019 and Bouygues Construction in January 2020. Ransomware works by encrypting the data within the breached system, preventing companies from accessing the data and critical systems without the encryption key, which is held by the attacker. The attackers then demand a sum of money to provide the key to decrypt the data; usually, requiring the ransom be remitted in cryptocurrency, such as bitcoin. Refusing to pay may result in not being able to access company data or systems in the near term, if at all. Paying the ransom creates a bigger market for this type of attack.
Ransomware is not the only threat. And ransoms are not the only damages. Here are a few of other threats to a business from cyberattacks:
What can construction companies do to protect their assets from cybersecurity risks?
This means implementing good, common sense controls and processes can prevent a large majority of attacks. Start with an asset inventory to clearly identify what needs to be protected. Then conduct a risk assessment to evaluate the risks posed to these assets. This will provide a clear picture of vulnerable areas, and provide clarity about where to spend time, money and resources to address the most critical risks.
The weakest link in any cybersecurity defense system is always people. To protect their assets, construction companies should provide cybersecurity training and information for employees and also ensure that the company has the right security protocols in place if a data breach occurs. How to assess internal cybersecurity risks
Here are some questions companies should be asking of their IT staff:
Addressing unsatisfactory responses to these questions are a good place to start, but cybersecurity is an ongoing process that needs to be part of every construction company’s risk assessment and abatement protocols. With regular checkups and the right protections in place, technology can continue to drive the construction business forward into the future.
Written by {{author.AuthorName}} - {{author.AuthorPosition}}, {{author.Company}} {{author.Company}} Contact Info: {{author.OfficePhone}} , {{author.EmailAddress}}
{{comment.Text}}