EXECUTIVE SUMMARY:

In the past year, nearly one out of every six construction firms reported experiencing a ransomware attack. Several firms hit with high-profile attacks made newspaper headlines, while other firms quietly paid ransoms in private. Although major construction firms may not be the most obvious targets for cyber criminals, hackers know that if they can successfully inflict harm, construction companies are likely to pay ransomware extortion fees.

Cyber criminals can inflict harm by compromising equipment, leading to workforce injuries. They can also breach intellectual property, steal big data, and cause downtime, resulting in financial losses and project delays. Expansion of investment in cyber security can help, as can a variety of other best practices outlined below. Read on to learn more.

Why construction firms are at ransomware risk

As the pandemic began to unfold, major construction firms and engineering firms moved their workers to remote work arrangements, at least as much as possible. IT firms scrambled to ready servers, data centers and security. In the chaos and haste, IT admins and cyber security professionals unintentionally left security gaps in systems.

In addition, the proliferation of mobile devices within the construction industry contributes to security oversights. iPads and phones may not be within the purview of IT departments, and consequently may not be secure or may be under-secured.

Many construction firms also lack awareness regarding cyber security. Among the companies that are cyber security aware, the “political will” or the funding may be absent. More investment might help major construction groups push past a reputation as cyber security laggards.

Finally, construction firms frequently operate on a predictable schedule. This means that ransomware attack groups can calculate the best times at which to launch an attack and to try to inflict harm. For these varied reasons, construction firms need to reconsider cyber security, especially in light of recent ransomware attacks.

6 ways construction firms can avoid ransomware

  1. Prevention-first. As a construction organization, consider taking a prevention-first approach. By the time that IT discovers a hacker in your system, it’s too late. Having mechanisms in place to “defend your castle” helps ensure that hackers can’t inflict harm from the inside.
  2. Network security audit. Conduct a network security audit to ensure that you don’t have any weak links within your set-up. A network audit can alert you to previously unknown potential issues and can inform you about updates that need to be made.
  3. Secure contractor connections. Construction firms commonly rely on contractors for everything from electronic bill payment to material sourcing and distribution. Contractors’ systems may be integrated within construction organizations’ networks. As a result, an attack launched through a contractor’s system represents an easy way to gain access to a more valuable organization, like yours. If your firm has connections with contractors, ensure that security measures are applied appropriately.
  4. Up-to-date systems. Staying cyber secure requires regularly patching and updating software. It’s easy to push this off into the future, especially among organizations that are understaffed or otherwise under-resourced. However, failing to patch or update systems can leave them open to exploitation. Cyber security technologies can assist with automatic updates and reminders.
  5. Employee awareness. Roughly 80% of cyber attacks start with a phishing email. Employees often accidentally click on phishing emails, launching a cascade of business-wide security struggles. To combat these kinds of threats, all employees should receive training around cyber security awareness.
  6. Data backups. Data backups can function as an excellent means of quickly restoring systems in the event of a ransomware attack. However, data backups must be developed with cyber safeguards in mind. If your organization chooses to back up data independently, see to it that your plan incorporates multiple software-based strategies and approaches. Snapshots, replication and stretched clusters can help ensure that you’ll be able to easily restore any lost data in real time, if needed. Alternatively, you can choose to rely on a third party for data backup purposes.

In summary

Construction firms cannot avoid cyber security liabilities altogether, but there are numerous means of mitigating risks. More investment and more awareness of cyber security represent strong starting points. The proactive implementation of cyber security best practices can be the difference between business continuity and business collapse. Strong defenses mean that cyber criminals cannot easily inflict harm.