How Construction Firms Can Minimize Cybersecurity Risk: Part 1 of 2
Is minimizing a potential data breach a priority for most construction CIO’s? With more construction firms making recent news as victims of cyber attacks, contractors of all sizes are beginning taking note.
In previous years, construction companies did not rely on technology as much as other industries, keeping most data on-premise or even paper. As teams become more collaborative by moving their assets to the cloud, enabling employees to access information from anywhere, it has spurred a productivity revolution not seen in the construction industry for over 50 years.
As employees continue to rely on cloud technologies, constructions companies are beginning to notice the security implications. Contractors can now communicate in real-time with vendors or potential clients sharing files, project bids, or access to building information management systems. With the added productivity also comes costly security risks begging the question: How much security must be traded for connectivity?
According to the recent Verizon 2017 Data Breach Investigations Report, 81% of business-related security hacks involved either weak or stolen credentials. For CIO’s, this means that one password intercepted, even if by accident, can mean access to your company records including payroll, social security numbers, customer lists, and sensitive bid details. Passwords are just not enough to secure your valuable information.
Recent Industry Breaches
The report shines a light on the ugly truth of the construction cybersecurity world: traditional ways of logging in and managing employee access need to be secured. To quote the article, “if a username and password are the only barriers to escalating privilege or compromising the next device, you have not done enough to stop these actors.”
Although Turner Construction and Whiting-Turner Construction, two of the nation’s largest contractors, garnered recent media attention for high-profile data breaches, it is the small to medium-sized companies most at risk.
A recent survey by the British government found nearly half (46%) of small business discovered at least one cyber-security attack or breach over the past year. The report also highlighted some interesting cases.
According to the BBC, It said a large materials supplier for the construction industry faced “significant and ongoing” attacks, despite not having any e-commerce activities of its own.”
“This included over 3,000 phishing emails a month and various ransomware attacks,” the report noted.
“The most damaging case of ransomware at the firm in question caused its IT team to lose ‘around two weeks’ of productivity.”
Given the increased popularity of building information modeling, integrated project delivery, and file sharing, contractors might find themselves with increased liability should a data breach occur.
So how does an industry, which for 50 years has not been worried about high-tech criminals, respond to such a pervasive and fast-moving threat? Stay tuned for part two of our ‘How Construction Firms Can Minimize Cyber Security Risk’’ series for actionable tips on staying secure and increasing productivity.
Click here to sign up for our mailing list to receive more construction industry authentication news.