The construction industry may not appear to be an obvious target for cybercrime, but it garners unwanted online attention just like other sectors. According to the Cost of Data Breach Report 2020 by IBM, the average cost of a data breach in the industrial sector was $4.99 million.
GlobalData, a data research company, predicts that the industrial sector’s value will soar to $12.9 trillion by 2022. After rising consistently by 3.6% since 2018, it has now caught the eye of cybercriminals. Over half of all construction executives believe their firms will be hit in the future, yet worryingly, 68% of firms have no security measures in place.
Growing attacks on industrial control systems (ICS) threatens builders
The industry’s vulnerabilities were exposed on both digital and operational levels recently, as cybercriminals attempted to compromise water treatment plant networks and poison the water supply in Florida. Most devices had a basic network connection, meaning heavy machinery could’ve been commandeered, leading to disastrous consequences.
IBM’s X-Force Threat Intelligence Index 2021 has observed a 49% annual increase in industrial control system (ICS) attacks.
Other cybercriminals may aim for digital assets transferred or stored insecurely. Innovative building firms employ Building Information Modeling (BIM) as a central database for blueprints, designs, and other assets. Using devices and construction tools that are connected, workers can update BIM in real-time, improving communication and efficiency. Though, the amount of end-point devices means the risk of exposing sensitive information is extremely high.
“The construction industry is heavily interconnected. Several building sites need to exchange data with headquarters and routinely access cloud services. Most workers use laptops and other end-point devices, with architects, engineers, and sub-contractors contributing online. The building industry isn’t manual labor anymore — it’s a sophisticated and digitally-managed trade, using high-end innovations and tools,” says Juta Gurinaviciute, the Chief Technology Officer, NordVPN Teams.
Data breaches primarily affect company processes, resulting in prolonged downtime and operational disruption. Verizon recently found that only 5% of data breaches are caused internally, whereas external factors cause 95%.
How to protect corporate network and data
Secure mobile workforce. Remote-working is relatively commonplace for builders shifting between different construction sites. If workers need assets from the cloud or a corporate network, make sure the data is encrypted.
Establish a protected network. All manner of different assets pass through networks that are often unprotected. A business VPN puts all workers and building sites within a secure software-defined perimeter and safely protected from outside threats.
Check your third-party stakeholders. Building developments involve all parties communicating regularly. Before providing a third-party with access to your corporate network, make sure robust cybersecurity measures are in place.
Ensure general cybersecurity. Contractors are also responsible for installing and setting up smart control systems on their network and maintaining security, regularly updating default passwords, and leading by example for the rest of the industry.