In making this vital transition, however, construction businesses across the globe have opened themselves up to the threat of cyber attacks. This has been compounded by the pandemic, with employees increasingly working from personal devices, unsecured public Wi-Fi networks and remote desktops – all of which are opening up firms to cybersecurity threats.
Firms fall victim to ransomware
Within a four-month period in 2020, three construction companies fell prey to hackers. Both Bam Construct and Interserve, which had respectively helped deliver COVID-19 Nightingale Hospitals in Yorkshire and the Humber and Birmingham, as well as major contractor Bouygues UK, fell prey to malicious attackers seeking to cause maximum disruption amid the early chaos of the COVID-19 crisis. Both Bam Construct and Bouygues were victims of so-called ‘ransomware’ attacks, whereby criminals exploit vulnerabilities in companies’ computer systems and either block access or threaten to publish sensitive data unless a ransom is paid, while Interserve suffered a major data breach.
Commercial contractors join forces against cyber attacks
So serious is this issue becoming that some of the UK’s largest building contractors have joined forces to stamp out cyber attacks within the industry. The group, which comprises representatives of Royal Bam, Balfour Beatty, Kier and Morgan Sindall and calls itself the Chief Information Security Officer Forum, is meeting regularly in order to develop cybersecurity guidance for the wider industry in a bid to combat the increasing threat of hackers. Particularly, the group is working to tackle the threat of cyber attacks in joint ventures and developing processes to alert one another if an attack takes place that has the potential to compromise the security of other contractors on the project.
Building cyber resilience
Shockingly, and despite the increasing threat of online attacks, 68% of construction executives have no cybersecurity measures in place, according to recent research. And yet, according to IBM calculations, the average cost of a data breach is a staggering USD 4.24m! So, what needs to be done to bring the industry up to scratch?
Top tips for construction cybersecurity
- Conduct an audit
Using an external firm to conduct a thorough audit of your IT system will help expose cracks and vulnerabilities in your system. Then you can put in place strong systems and controls to reduce the chances of criminals exploiting these security gaps.
- Staff training
The biggest risk to any firm’s cybersecurity is its staff. If they aren’t adequately trained in recognising threats like phishing emails, they may click on malicious links or download malware without realising the dangers, compromising the whole system.
- Use up-to-date antivirus software
This will work as a first line of defence against viruses and other malware.
- Use a password manager
Never being able to remember passwords is a common problem among businesses and individuals alike. That’s why it’s important to use a secure password manager such as 1Password, which enables businesses to securely store and access strong passwords with a single access code.
- Implement a data breach plan and train staff to respond
Speed is of the essence when responding to a cyber-attack, and can help limit the financial and reputational damage your business could suffer in a worst-case scenario. Come up with an action plan and run drills with staff so they know how to respond in the event of an attack.
Cyber insurance matters
As well as taking out construction insurance to protect their businesses from physical losses and damage, construction businesses should also be protecting themselves against the risk of cyber threats with a cyber insurance policy. The future of construction is undoubtedly digital, meaning that the industry must start focusing on virtual, as well as physical, risks.