Cyber Security and the Construction Industry

9 December 2022

The initial reaction of many organisations that have been targeted by a cyber-attack is one of disbelief. This is based on the notion that such crimes only affect ‘other industries.’ While crimes involving fraud have traditionally focused on financial institutions such as banks where money can be extracted or redirected, we have seen a shift in targets during the past year or two. This shift has been highlighted by recent high-profile attacks targeting non-financial companies such as phone carriers and medical providers and insurers.
One sector that has come under attack as cyber criminals expand their scope has been the construction industry. The increasingly digital nature of modern business means that all organisations rely on data security to operate. A hacker that can encrypt the data of a construction firm can bring a project worth tens of millions to its knees.
A construction company’s data will typically contain architectural plans and other similarly complex source documents. It will contain timeline schematics detailing which contractors are due to complete their portion of a given project. It will contain contact information for dozens if not hundreds of suppliers. Every aspect of the construction process will be laid in documents that cannot be recorded on pieces of paper. Without this critical data, construction activity simply grinds to an expensive halt. Every hour of lost productivity on a large construction project can cost enormous sums.

The expanding cyber attach surface in construction.

Construction-related businesses face the same fundamental cyberattacks and threats as other industries but have unique risks that are
associated with specific tools they use for managing data, delivering services and systems control. These include;

So, while construction projects are normally thought of in terms of physical materials such as concrete and steel, they are 100% reliant on internal data to operate. A successful ransomware attack on a large construction company can see hundreds of tradespeople down tools while the matter is addressed. Ransom demands in such cases often reach into the millions because hackers know the value of the data they control.

Our recommendation to construction companies is the same as any large organisation – if your enterprise relies on critical business data, you must expect that cyber criminals will look to exploit that reliance at some stage. Picture a scenario wherein your business data has been encrypted by online criminals. Then a ransom demand arrives. What is going to cost for every hour, day, week that your data cannot be accessed?

We know that organisations that do opt to pay a ransom often do not receive access to their data as promised. And in the case that encryption keys are provided that do work, the company will often be hacked again within months. Once business data has been compromised, there are very few happy outcomes.

For businesses that are considering reviewing and upgrading their cyber defences, we recommend a comprehensive audit by a reputable security provider that includes penetration testing. Make sure your potential security partner has experience within your industry and can offer a tailored solution rather than an off-the-shelf product. And look for longevity. Many providers have not been around long enough to prove they are up to the task of delivering comprehensive protection.  

For more information, speak with a qualified cyber security expert today.         

back to blog