Construction companies are well-acquainted with risk. A construction project of any scale often comes with the chance of a serious engineering issue, a workplace injury, or a general liability issue. Even the most skilled builders cannot completely insulate themselves from risk, though there are always protocols and best-practices that can keep risk to a minimum.
Over the last few years, cybersecurity attacks have been growing rapidly within the construction industry. Specifically, ransomware attacks have plagued the industry, debilitating companies for painful periods of time – and sometimes permanently.
It’s often assumed that larger construction companies are targeted the most and, therefore, are at a greater risk. Larger companies make appealing targets for hackers for the simple reason that they tend to have more resources to pay larger ransoms. However, smaller construction companies are targeted more frequently than large ones. Because they often lack a proper cybersecurity program, hackers see them as an easier target with plenty of resources for paying a ransom.
For construction companies looking to mitigate their ransomware risk, it’s important to understand what a ransomware attack is and some of the most effective mitigants that should be implemented.
What is Ransomware?
Typically, this is a type of cyberattack in which malicious software is used to lock a company out of its own network or to prohibit access to important data. Just like a “ransom” situation that you might see in a movie, the company’s digital assets are held hostage until they agree to pay a specified sum of money to the attackers.
This type of attack can cripple productivity and lead to a loss of confidence among customers or vendors. And of course, there’s also the financial cost. Sources vary as to what the average cost of a ransomware payout is, but for larger companies, it’s not unusual for the total to surpass $1 million. At minimum, it can knock a company off its annual goals or even shut them down.
Cyber Threats in the Construction Industry
Ransomware is nothing new, yet incidents among construction companies are becoming more and more numerous. Though there are several factors that contribute to this increase, the top two factors are the industry’s increased use of digital assets and the lagging adoption of proper cybersecurity programs. From wearables to vehicle controls to worksite security programs, there is an ever-expanding list of entry points for potential cyber criminals. As construction becomes more digitized, its risk exposure to ransomware increases. Because this risk is not matched with proper cybersecurity programs, the industry becomes more and more attractive to bad actors looking to cash-in on ransomware.
Practical Safeguards for Improved Security
Being aware of this risk is an important first step for construction companies. In addition, it’s important to brief employees on best practices for cybersecurity. Training employees about password protection, instructing them not to access company assets on unsecured networks, and raising awareness about phishing and vishing scams can all go a long way toward reducing ransomware risk. (It can’t be overstated: A vast majority of small business cyber-attacks come about due to employee error or ignorance.)
Because ransomeware often involves restricting access to data, having a strong backup plan and restore process is critical. Establishing the time it takes to restore critical systems if all data is deleted or encrypted, and testing this process at least annually is important.
Additionally, securing your company’s IT infrastructure with a proper cybersecurity program will have reduce the risk of an attack. The plan should include many layers of protection, with proper configurations and active monitoring and testing. Often, small and medium sized construction companies will rely on a trusted cybersecurity and IT company to manage this for them.
BlueArmor specializes in cybersecurity and IT for the construction industry nationwide. To learn more about the solution we offer, please reach out to BlueArmor today.