Construction companies are vulnerable to cyber-attacks just like every other company. During the COVID pandemic, cyber criminals quickly recognized the construction industry was lacking behind in security and privacy initiatives, making them lucrative targets for extortion. The growing reliance on collaborative digital information including financial accounts, employee data, BIM modeling, drone video, scanner surveys, and business sensitive information in the construction industry have all accounted for an increase in cyber-attacks and the risk of ransomware.
Ransomware targets both human and technical weaknesses in an organization. Ever increasing quantities of phishing emails target victims to click on malicious links or attachments containing malware with the goal to encrypt and limit access to critical systems of a company. In North America, several general contractors have been impacted by ransomware, requiring ransom payments to receive decryptions keys and restore access to servers and data. On average, ransomware victims realized three weeks of system downtime and tens of million dollars of expenses including lost productivity and the potential for employee retention issues and lost credibility.
Defending against cyber-attacks consumes time and money and, unfortunately, it is a game that never ends. Constant security enhancements often impact system performance, and most are not popular among employees. Identity access controls including password lengths, multi factor authentication (MFA) and biometrics continue to evolve but also come with shorter expiration times. As information technology teams continue to defend the perimeter, employees must defend their user identities. Neither can let their guard down but if they do, cybercriminals will be waiting.