When it comes to cyberattacks, industries like retail, health care, and finance might spring to mind, but they aren’t the only ones that are at risk.
The construction industry may be one of the slowest to adopt new technologies, but that doesn’t make it immune to attacks by hackers and other cyber threats.
What are some of the dangers the construction industry might face from cyberspace, and what can they do to protect themselves?
While construction information might not seem as valuable as, say, credit card information or medical records, several different resources could prove beneficial for hackers in the construction industry.
Things like employee Social Security numbers and bank details for direct deposit might be stored on company servers and can lead to identity theft. Blueprints, company financial information, and other intellectual property could be valuable in cases of corporate espionage. Companies that carry out government contracts may also find themselves targets due to the sensitive nature of the information.
Ransomware — a virus attack that encrypts files and holds them for ransom while the hackers demand fees for the decryption key — quickly became one of the biggest threats to nearly every industry. One such attack, the WannaCry hack of 2017, completely disabled much of the National Health Service (NHS) for three days — and could have been prevented if the NHS had simply upgraded the operating system used in their network.
Ransomware can take an entire company offline for days or weeks — not to mention the extreme cost of paying the ransom to obtain the decryption key.
Phishing scams are becoming more clever every year. Emails that look legitimate may contain links that lead to fake websites designed for stealing critical information.
According to a 2018 report, 93% of all data breaches are caused by phishing scams. These provide hackers and thieves with an open door into a company’s network and can make it easy for them to make off with all sorts of privileged information before anyone even realises there’s been a breach.
Each person who accesses a network should have their own unique and secure credentials. If these credentials are stolen, they can cause a breach, making it easy for hackers to make their way into a system without anyone ever knowing they’re there.
This can lead to a host of more significant problems, from outright theft to more subtle attacks such as taking out a line of credit or renting equipment in the company’s name with no intention to return it. In these cases, it’s often not just the company’s assets that are at risk but its reputation as well.
Botnets and Direct Denial of Service (DDoS) are also becoming more common. Essentially, hackers use systems of computers or other networked devices known as botnets and instruct them to attack a specific system or server.
Late in 2016, a massive DDoS attack took down the majority of the internet, leaving users around the globe scrambling to try and access their favourite websites. These attacks don’t have to be global, and a targeted DDoS attack could easily take down a construction company’s network and leave it vulnerable to breach.
What will it take for companies to protect their valuable assets from the growing threat of cyberattacks?
For a start, security education is essential for anyone who accesses the network, either on-site or remotely. Teach employees how to recognise phishing scams, not to open any attachments unless they’re expected from another member in-network, and how to avoid introducing ransomware and other viruses to the system.
Do not underestimate these threats. A small company is just as vulnerable as a large one — often more so because they lack the resources to bring in cybersecurity experts to help them protect their networks. Even if it doesn’t seem like there is a need for protection from cyberattacks, there is always the risk that someone will find their way in and make off with valuable information or a company’s intellectual property.
Theft isn’t a new concept in the construction industry, but until we started using the internet, would-be thieves had to sneak into construction sites and physically steal materials or information. As the use of technology continues to increase in the construction industry, so to will the threats to these networks. There will always be someone out there looking for a backdoor or other security loopholes that let them make off with whatever they can carry — and when you’re talking about digital data, it’s easy to take a lot.
Companies need to take the time now to protect themselves from cyberattacks before they become a more lucrative target. Investing in cybersecurity is no longer optional. It is essential.