Kevin Soohoo, director of AEC at Egnyte, details the steps construction firms can take to combat ransomware as the industry continues to be a growing target for hackers.
Ransomware is a serious and growing problem for construction companies. Recent research reveals the true scale of the threat confronting the industry today. Almost half (44%) of UK construction firms surveyed confirmed they had experienced a ransomware attack in the past 24 months. Of these, one quarter (25%) had endured between two and four attacks, with an additional 5% hit with five or more attacks. When it came to recovering from ransomware, it took 28% of UK firms more than a week to get ‘up and running’ again.
The impact of a ransomware attack can prove costly. Commercial operations are brought to a standstill and projects are disrupted. The resulting delays to construction schedules can have major consequences that include extended downtime and tarnished brand reputations. With cyberattacks on the rise, construction firms need to be aware of and take proactive action against potential threats like ransomware.
What makes construction companies a top target for ransomware?
There are a number of reasons why the construction industry is proving to be such an enticing target for hackers. First of all, cybercriminals know that construction companies have little tolerance for downtime because of the schedule-driven nature of the industry.
But that’s not all. Construction firms often operate across remote job sites while sharing content and access to their systems among outside collaborators. This increases the number of endpoints that need to be managed to minimise exposure to attack. Remote teams are also heavily reliant on mobile devices and may set up local networks at remote sites. These devices and networks aren’t always under the full control of IT security teams, meaning important security protocols like software updates, app filtering, encryption, and other threat defences aren’t deployed.
Cyber attackers will always target the weakest link in an organisation’s defences, and remote users and BYOD devices offer plenty of opportunities for creating doors into the corporate network. Add in the fact that these front-line workers are tech users, but not necessarily IT security specialists who are trained to identify a ransomware attack, and you have the makings of an ideal set of potential openings that are ripe for hackers to exploit.
With modern methods of construction continuing to drive up digital connectivity and real-time information sharing between clients, contractors, and suppliers, cybercriminals have been quick to exploit the wealth of vulnerabilities that the recent rapid digitalisation of the sector has opened up for them. It’s not surprising then that over a third (39%) of UK construction firms say they find it difficult to securely share and govern files, while only 27% are highly confident that the right people have the right access to files at all times.
Are VPNs the answer to combat ransomware?
Virtual private networks (VPNs) have traditionally been the go-to approach for securely sharing data and files across distributed locations, but they were never really intended to handle the larger formatted files that construction firms produce.
Users often face extended delays awaiting responses to their access permission requests. Worse still, VPNs can impede accessibility, especially at lower-bandwidth locations like construction sites. In addition, these frustrations can result in remote employees skipping VPN use entirely and working outside of the company’s firewall, or, perhaps even worse, maintaining their own ‘offline’ copy that can quickly become out of date.
So, what steps should construction firms take to better secure their remote workforces and prevent infiltration by hackers resulting in a ransomware attack?
Reduce total data footprint
The construction industry has experienced an explosion in the amount of data and size of files used, making it difficult to manage this expanding volume of content while effectively securing it. A simple and relatively inexpensive strategy for construction firms to improve data governance is to reduce content sprawl. For instance, they can reduce the amount of redundant, obsolete, and trivial (ROT) data that they manage. Ultimately, this shrinks a company’s total data footprint, leaving less content exposed in the event of a breach.
Classify sensitive data
Having gained access to a system, hackers will look to spread laterally and take control of as many files on as many servers and computers as possible. To put the brakes on this process and gain enough time to identify and control a breach before systems are locked by ransomware, construction firms should implement file-level access controls across their most sensitive files, such as payroll information or confidential customer designs. By enacting policies that govern where that data lives and who can access it, organisations can reduce their risk of exposure. It’s an effective approach that makes it easy to share, collaborate on, and remove access to files as needed without requiring heavy IT management.
Monitor for abnormal activity
There are a variety of automated techniques that can be leveraged to quickly identify and isolate potential ransomware. These include unusual behaviour detection systems that can spot when a large number of files are accessed, deleted, or locked in a short period of time, as well as systems that can detect patterns associated with malicious attacks or identify the presence of ransom notes. The key to comprehensive ransomware detection is to have several threat detection systems running in tandem to ensure all potential entry points and operations are constantly monitored for zero-day threats. That way, the moment a ransomware attack is detected, remediation actions can be initiated.
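As an added illustration (not code from the article or from Egnyte), the sketch below runs two of the detectors described above side by side over a file audit trail: a per-account sliding-window count of modify/rename/delete events, and a filename check for newly created ransom notes. The log format, the 60-second window, the threshold of 20, the note-name patterns and the account names are all assumptions made for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)   # assumed look-back window
THRESHOLD = 20                   # assumed max destructive events per account per window
DESTRUCTIVE = {"modify", "rename", "delete"}
# Assumed ransom-note filename patterns; replace with your own threat intelligence.
NOTE_RE = re.compile(r"(readme|recover|restore|decrypt)[^/\\]*\.(txt|html?|hta)$", re.I)

def parse(line):
    """Parse 'ISO-timestamp user action path' (constructed audit-log format)."""
    ts, user, action, path = line.split(" ", 3)
    return datetime.fromisoformat(ts), user, action, path

def detect(lines, window=WINDOW, threshold=THRESHOLD):
    """Return a list of (kind, user, timestamp, detail) alerts."""
    recent = defaultdict(deque)  # user -> timestamps of destructive events in window
    bursting = set()             # users already alerted for the current burst
    alerts = []
    for ts, user, action, path in map(parse, lines):
        if action == "create" and NOTE_RE.search(path):
            alerts.append(("ransom_note", user, ts, path))
        if action not in DESTRUCTIVE:
            continue
        q = recent[user]
        q.append(ts)
        while q and ts - q[0] > window:   # drop events that fell out of the window
            q.popleft()
        if len(q) >= threshold and user not in bursting:
            bursting.add(user)
            secs = int(window.total_seconds())
            alerts.append(("mass_change", user, ts, f"{len(q)} events in {secs}s"))
        elif len(q) < threshold:
            bursting.discard(user)        # burst over; allow a future alert
    return alerts

def sample_log():
    """Constructed events: a normal user, then one account renaming 25 drawings in 25 s."""
    base = datetime(2024, 1, 15, 9, 0, 0)
    lines = [f"{(base + timedelta(minutes=m)).isoformat()} alice modify /projects/site-a/plan{m}.dwg"
             for m in range(5)]
    t0 = base + timedelta(minutes=10)
    lines += [f"{(t0 + timedelta(seconds=s)).isoformat()} svc-sync rename /projects/site-b/drawing{s}.dwg"
              for s in range(25)]
    lines.append(f"{(t0 + timedelta(seconds=26)).isoformat()} svc-sync create /projects/site-b/README_TO_DECRYPT.txt")
    return lines

if __name__ == "__main__":
    print(*detect(sample_log()), sep="\n")
```

An alert from either detector is the point at which the remediation step would be triggered, for example suspending the account's sync session and preserving the last known-good file versions.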
Evaluate ransomware detection and recovery technology
While the best prevention is to not be impacted by a ransomware attack in the first place, it’s critical that construction firms are prepared for anything. They can put technology on their side by investing in a solution with document-level version control management or snapshot-based management to be able to recover more quickly from a ransomware attack. As an example, these types of technologies permit organisations to “roll back” to earlier versions of mission-critical files in the event of an attack.
Enable a holistic defence programme to combat ransomware
Staying one step ahead of ransomware attacks isn’t easy. Today’s shared information environments are creating significant security and governance challenges for construction firms. To combat the rising risk of ransomware and minimise the chances of an attack being successful, construction firms should enable a truly holistic defence programme featuring a combination of prevention strategies, content governance, end-user education, and detection/recovery measures.