Cybercriminals are increasingly on the prowl for vulnerable corporate targets. In this article, Bluebeam explore the basic cybersecurity in construction facts, and what companies need to know to start defending themselves
The world is increasingly digital. Day by day, more and more of our lives are facilitated by internet technologies, bringing both tremendous benefits and risks.
The construction industry has seen a similar swift rise in the use of digital, internet-connected technology. Software, in particular, continues to grow as a critical tool in the building process. The global construction software market totals around $9.6bn (£8.42bn) , according to Grand View Research, and is expected to grow by a compound annual rate of 8.5% from 2022 to 2030.
The rise of technology in construction comes with many new risks, chief among them cybersecurity. Put simply, the more data harvested by construction companies through technology as they build projects, the more vulnerable that data becomes as a target by cybercriminals.
Hackers intent on breaching organisations’ data systems and extorting them for significant dollar amounts are increasingly keen on targeting the construction industry.
Several recent high-profile cyberattacks in the industry highlight the urgent need for firms to bolster their cyber defences.
Recent construction cybersecurity hacks
In January 2020, French contractor Bouygues fell victim to a ransomware attack that temporarily shut down and cut off some of its critical computer systems.
The Maze ransomware gang claimed responsibility for the attack by posting online a 1.2 gigabyte file containing vital Bouygues data. The attack came just days after Maze struck Canadian contractor Bird with a similar attack.
The following May, in two separate incidents, two UK-based hospital construction companies, Bam Construct and Interserve, were each targeted by a cyberattack that shut down some of each company’s computer systems.
And after Russia invaded Ukraine in February 2022, Construction Dive reported increased warnings that Russian-led cyberattacks were poised to target construction firms.
The rise of cybercrime in construction should have all industry leaders on notice. But before they can bolster their firms’ cyber defences, it is important that they first understand what proper cybersecurity looks like.
What is cybersecurity, and how can companies protect themselves?
Cybersecurity is the art of protecting networks, devices and data from unauthorised access or criminal use, according to the Cybersecurity & Infrastructure Security Agency, as well as the practice of ensuring confidentiality, integrity and availability of information.
There are several diverse ways organisations should conceptualise their cybersecurity. To ensure construction companies are as protected as possible from cyber threats, it is critical that their defences include each of these cybersecurity elements.
Network security
This is being able to protect data from unauthorised users via an organisation’s computer network. It includes an organisation’s firewall, email security, antivirus measures, anti-malware security and data loss prevention.
Information security
This element protects an organisation’s critical business information from destruction, disruption and alteration; it includes an organisation’s cloud security, cryptography, vulnerability management and incident response.
End-user behaviour
This component ensures an organisation’s end-users (employees, contractors, etc) are properly educated on the individual behaviours needed for security best practices. This includes knowledge of the several types of cyber threats, including phishing scams and actions required to guard against such threats, like device security, password creation and physical device security.
Infrastructure security
This consideration is meant to protect critical information from corruption, sabotage or terrorism. It includes aspects such as network infrastructure, data centre protection and security, as well as managing power, cooling systems and water supplies for these physical assets.
Understanding these cybersecurity basics is a critical first step construction leaders need to take to start to shore up a firm’s cyber defences.
Download Bluebeam’s white paper on the importance of cybersecurity in construction.