Cybersecurity is a concern that affects not only large corporations, but also small and medium-sized businesses, including construction companies. In fact, construction companies are one of the most common industries targeted by hackers, with over 13% of attacks directed towards them. This is due to a variety of reasons, such as inadequate firewalls, the use of multiple digital systems, and the misconception that construction companies’ data is not valuable. Cybercriminals can damage a construction company in various ways, such as through ransom attacks, where they lock or remove data and demand a ransom payment. Construction companies must be aware of these risks and take steps to protect themselves.
“Construction companies are getting hacked way more often than you’re hearing about,” says Russ Young, chief business development officer at software company Tenna. The reasons are numerous, and well-known in the hacker/cyber-criminal world.
Construction companies are vulnerable to cyber-attacks due to the use of multiple digital systems, software and communications devices spread across numerous jobsites and offices, which creates multiple entry points for hackers. Additionally, company executives and IT staff may not be aware of all the devices used by the crews, which makes it difficult to implement security measures. Construction companies often believe that their data is not valuable, but it can be costly to retrieve if lost. Remote work and the use of subcontractors and vendors can also create security risks. Finally, old computers, operating systems and virus protection can also be exploited by cyber-criminals.
Cyber attacks can affect a construction business in these ways:
Ransom. Criminals break into your system and lock up or remove the data you need to operate, then demand a ransom. Work stoppages for contractors can be terribly expensive even if it is for a day or two! Cybersecurity consultants can sometimes negotiate a ransom payment down, but unless you’re well prepared, you’re still going to pay something.
Fraudulent wire transfers. This type of scam is known as Business Email Compromise (BEC) or Business Email Spoofing (BES) and it is a common tactic used by hackers to steal money from businesses. In this scenario, the hacker finds a way into the company’s email or other systems and sets up a fake email account that looks almost identical to the websites or emails of a vendor. They then send an email to the CFO or other executives with false bank routing information, and payments are redirected to the hacker’s anonymous and untraceable bank account.
This scam can be difficult to detect, as the hacker may mirror the conversations and relationship details that the legitimate vendor has with the CFO or other executives. It can take weeks or even months for the real vendor to notice that payments are late. To protect against this type of scam, companies should establish protocols for verifying changes to vendor payment information, and be vigilant about monitoring for suspicious emails or activity.
Intellectual property theft. This is an issue for large companies with multiple patents and proprietary technology. Most contractors are users of intellectual property (i.e. telematics and GPS machine control) rather than producers. It would be possible for a hacker to get into a relatively unguarded construction company system and view bid documents, but it’s unlikely.
When Disaster Strikes:
If you haven’t hired a cybersecurity consultant before you get hit with an attack, you will definitely need one when you do. Be prepared for an attack but taking the actions listed below.
- Create an incident response plan.
- Identify the threat.
- Find the holes in your defences
- Plug the leak/remove the virus.
- Identify additional weaknesses and fix those.
- Then negotiate to reduce the ransom
Learn more about how your construction company can benefit from Reis Informatica’s services by scheduling a complimentary consultation below and be sure to check out our blog on how Construction companies can benefit from IoT services here.