The introduction of the technology makes the construction industry a top target for cyberattacks


Diving letter:

  • Construction is the number one ransomware-hit industry, according to an analysis of 1,200 companies in 35 different industries from NordLocker, an encryption software company based in the UK and the Netherlands. Ransomware is a computer virus that takes over the target device until the victim pays a fee to regain access, usually through cryptocurrencies.
  • Victims of ransomware attacks in the construction industry ranged from an Asia-based group of civil engineering companies advising on projects estimated at $ 20 billion annually to small family businesses like a roofing company in Texas, according to the report.
  • Industry experts said construction companies are most susceptible to losing money through email communications, malware, ransomware and, most recently, “Siegeware,” which specifically targets smart building technology.

Dive Insight:

The construction industry is becoming an increasingly attractive target for hackers. Recent examples are Bouygues Construction, a French construction company, the victim of one Ransomware attack in 2020. Same gang of hackers, Maze met a Canadian contractor before his attack on Bouygues.

While large companies generate more revenue to attract hackers, small businesses in the construction industry remain equally attractive targets for hackers, according to the NordLocker report.

This is because these smaller companies typically don’t run the same cybersecurity reviews as larger companies. This makes them easier targets for ransomware attacks, according to Oliver Noble, cybersecurity expert at NordLocker.

Bobbi Bookstaver, director of information security at Shawmut Design and Construction, based in Boston, said construction companies must have a plan before they become the next target.

As part of his cybersecurity strategy, Shawmut conducts extensive training with each employee as they hires during the year and again when they click on a phishing simulation to ensure they understand how to detect and counter a suspicious email to be done, said Bookstaver.

“In the absence of a single solution to counter an attack, the defense strategy should combine technology with a robust communication campaign to raise awareness, educate and provide the tools to act quickly in the event of an attack,” said Bookstaver. “Proactive preparation and a detailed cybersecurity strategy based on industry-leading technology, best practices, and rigorous training programs create a cutting-edge defense strategy.”

Facilities at risk

As more buildings are equipped with technology, they become targets too, said Katell Thielemann, research vice president at Gartner, a technology research and consulting firm based in Stamford, Connecticut

“It is very likely that after the current ransomware distribution, Siegeware will also appear,” said Thielemann. “This is because the moment buildings are connected, they become cyber-physical systems. And construction companies and building owners now face a whole continuum of cyber and physical risks and threats. “

In other words, cyber criminals are now mixing the concept of ransomware with hijacking a building’s automation systems. Video cameras, which are widely used in buildings, are “notoriously among the most vulnerable systems out there,” said Thielemann.

“IoT devices – asset tracking, workplace security, machine control, wearables, etc. – are typically the most vulnerable as these devices are often not designed with cybersecurity in mind,” said Bud Broomhead, CEO and founder of Viakoo, a Mountain View Company, California-based IoT security provider. “Particular attention should be paid to surveillance devices such as IP cameras, as cybercriminals can use these devices for detection operations to observe behavior, investigate materials and plan attacks.”

Other emerging threats are also in sight. This includes thinking about how construction sites can prevent remote-controlled drones from filtering out data or disrupting construction site work. When these devices are connected to GPS, contractors should consider how they can prevent jamming or spoofing, Thielemann said.

“Leaders in plant-oriented industries often regard cyber risks as something that only technology or e-commerce-oriented companies should worry about,” said Thielemann. “But they should take a step back and think about how their business would work without connectivity. All of those assets are now cyber-physical systems and they are at the core of what they do.”

Source link


About Author

Comments are closed.