“Our nation is under attacks from Cyber terrorists”
A recent Forrester survey revealed that more than 75% of respondents in the construction, engineering & infrastructure industries had experienced a cyber-incident within the last 12 months.
Cybersecurity Risks for the Construction Industry
It’s not a tag line of the latest Hollywood sci-fi action movie, “Our nation is under attacks from Cyber terrorists”, rather a grim reality of all our lives across the board. (https://www.heritage.org/cybersecurity/heritage-explains/the-growing-threat-cyberattacks)
There is a war raging between good and evil in the realm of cyber security. We are fortunate that most of the times the good guys are winning but once in a while the bad guys score a major win. And when that happens you don’t want to be on the losing side. The constant cyber threat is keeping all our government agencies and business industries on their toes. All the govt. and non govt, compliance requirements are now addressing cybersecurity related issues and concerns.
While majority of the business verticals are scrambling to protect themselves from the steady barrage of cyber-attacks, and ensuring to have some sort of threat protection in place; the construction industry among others are seriously lagging behind. https://riskandinsurance.com/case-cyber-coverage-construction-industry/
Although the industry has adopted newer technology and use of online networks/tools to exchange client and project data, it is quite behind in terms of data security efforts. Sadly a large number of construction firms have little or no IT expertise, or even if they have their own IT department, the IT folks are too busy keeping up with the routine IT related chores and lack the time and/or skillset to address the Cyberthreats and risks. Also, a good number of smaller business owners mistakenly believe that cyber-attacks are only geared towards large corporations and financial institutions, but records show that nearly half of all cyber-attacks are targeted at small businesses. https://www.cnbc.com/2019/10/13/cyberattacks-cost-small-companies-200k-putting-many-out-of-business.html
The companies in construction industry need to have a comprehensive and cohesive list of ‘Action items’ to thwart cyber-attacks against their IT infrastructure. Below are the 3 most significant cybersecurity exposures facing the construction industry today:
Client’s Confidential Information
Personal Identifiable Information (PII) can be nearly anything, and not just credit cards, and website access passwords. Construction companies often deal with confidential information such as building specs and drawings, which can be valuable to cyber threat actors making the companies target for Phishing, Malware, Ransomware, etc.
The most expensive loss a construction company can suffer is the ‘Construction Delay’. The companies usually spend a lot of time managing known delay-causing risks such as weather, material inventory and staffing. Cyber-attacks can result in very costly business interruption, but sadly often ignored by the companies when planning a project. The companies need to have a granular Cybersecurity strategy where Cyberthreat risks are calculated on each and every project.
The availability and affordability of smart mobile technology has made doing business easily from remote places at the same time opened up a huge cyberthreat risk across the board. Construction industry is exposed to same threats. The project itself is typically being completed in one location, but there are usually a number of people involved remotely, exchanging information through many different mobile devices. This creates a whole IT infrastructure completely vulnerable to cyber-attacks if certain specific measures are not implemented.