The Introduction: A Connected Construction Industry
With the increasing use of internet-connected solutions, including Building Information Modeling (BIM), telematics, and project management software, the construction industry has become more vulnerable to cyberattacks. However, some construction businesses do not perceive themselves as potential targets for cyberattacks, given the perceived low dependency on computers and the internet.
Why is the Construction Industry at Risk? An Analysis of the Risks
Construction firms possess a wealth of information that is of interest to hackers, including intellectual property, proprietary assets, architectural drawings, and specifications, as well as corporate banking and financial accounts. In spear phishing scams, hackers frequently target employee information such as full names, Social Security numbers, and bank account data used for payroll. General contractors and subcontractors are also targeted by hackers, who seek to access their clients’ networks.
Examples of Cyberattacks in the Construction Industry: Real-life Cases
Several construction firms, including Turner Construction and Whiting-Turner Contracting, have been victims of cybercrime. Turner Construction fell prey to a spear phishing scam that resulted in the disclosure of tax information on current and former employees to a fraudulent email account. Similarly, Whiting-Turner Contracting discovered suspicious activity on an outside vendor’s system that generated tax forms for employees.
Tips to Prevent Data Breaches and Cyberattacks: Best Practices
To prevent cyberattacks, construction businesses should install security software on their company’s servers and computers, maintain updated firewalls, and train employees on security policies and practices. Additionally, mobile devices used to access company networks should be equipped with hardware and software data encryption, Wi-Fi networks should be secured, and data should be regularly backed up offsite or with a trusted cloud storage provider.
Conclusion: Preparing for the Inevitable
According to most security experts, it is only a matter of time before a company becomes the target of a cyberattack. Therefore, it is essential to have a response plan in place for dealing with cyber incidents and to invest in cyber insurance since traditional insurance coverage may not cover cyber and technology liability.
