Cybersecurity and why it should be a CORE FOCUS for the construction industry
Traditionally, the construction industry has been a very hands-on, machinery and equipment-focused one where thoughts of vulnerabilities to cyber-attack have been at best, limited and in some cases, non-existent. Smaller companies in particular assume they have fewer vulnerabilities than larger players in the industry and because the explosion of digital software in the industry itself is relatively new, so too are considerations related to maintaining the safety of related data. With recent, large-scale cyber-attacks, including one against a Canadian company, its time cybersecurity became a core focus of your construction company – for your own benefit and those of all the vendors with whom you interact.
As outlined in a recent report by Deloitte, “attacks on organizations in critical infrastructure sectors have increased dramatically, from less than 10 in 2013 to almost 400 in 2020!” That’s a 3,900% increase and one that should have construction professionals focusing heavily on cybersecurity. 1The risks are numerous, and costly. They include:
- Significant downtime and business interruption
- Breach of your intellectual property and intellectual theft
- Fraudulent wire transfers – using elaborate scams that my even reference your family & friends
- Ransomware – as the name implies, a demand for payment before releasing your data
- Not just downtime will result from cybersecurity risks but also project deadlines, supply chain issues and a trickle-down chain of events that impacts every level of your site operations and those of your vendors/suppliers too.
The staggering and trickle-down costs of a cybersecurity attack are almost incalculable and are certainly significantly more than just the price of any ransomware demand.
Evaluating your risks
Vulnerabilities in the construction industry are many and primarily related to the multiple entry points from which cyber-attacks can occur. Remote work presents greater challenges to maintaining strict controls and with multiple workers, contractors and vendors on a construction site or working remotely from home or an office, opportunities for hackers abound.
According to a study done by Safetydetectives.com, “construction companies were the third most common type of industry to be targeted by hackers—more than 13 percent of the total. And according to the website Cybertalk.org, in 2020 – 2021 nearly one out of every six construction firms reported a ransomware attack.” 2Compounded by the variety of software programs used in construction, the use of various platforms – whether Mac or PCs are the primary tools of choice, you have a recipe for potential disaster.
The first step in any plan of action is fostering awareness. If you were not already aware of the potential risks to your cybersecurity systems, consider this short overview, an introduction. Now that you are aware, it’s time to undertake a plan of action that clearly identifies the level of threat and puts strategies in place to minimize the risk. Consider:
- A complete risk assessment, identifying potential entry points and level of risk. Include your suppliers, general contractors, and subcontractors, in short everyone on or with access to your project, remotely or in person.
- Identify effective risk mitigation strategies after this thorough analysis and develop a plan of action.
- Embed new cyber security systems into every aspect of your business and make cybersecurity a part of your culture from the top down.
- Have strong plans in place for the “what if” scenarios and ensure everyone is trained in the risk/response strategies and their immediate implementation.
- Have insurance in place to help recover from worst case scenario outcomes.
No one industry is immune to the threat cyber-attacks pose and in fact, recent history is demonstrating that construction can be particularly vulnerable. If you have not already given thought to a comprehensive overview of your risks and vulnerability to a cyber-attack, it’s time to do so now. A 3900% increase over the last almost ten years indicates those with a nefarious mind have identified recent advances in the use of technology on the construction site as an opportunity waiting to be exploited.
Don’t fall victim, make cybersecurity your core focus in 2023! And if you have any questions or just wish to discuss how Plexxis can help secure and protect your valuable information assets, please contact us at firstname.lastname@example.org.