Illustration by Wenting Li
The world is increasingly digital. Day by day, more and more of our lives are facilitated by internet technologies, bringing both tremendous benefits and risks.
The construction industry has seen a similar swift rise in use of digital, internet-connected technology. Software in particular continues to grow as a critical tool in the building process. The global construction software market totals around $9.6 billion, according to Grand View Research, and it is expected to grow by a compound annual rate of 8.5% from 2022 to 2030.
The rise of technology in construction comes with many new risks, chief among them cybersecurity. Put simply, the more data harvested by construction companies through technology as they build projects, the more vulnerable that data becomes as a target by cybercriminals. Hackers intent on breaching organisations’ data systems and extorting them for significant dollar amounts are increasingly keen on targeting the construction industry.
Several recent high-profile cyberattacks in the industry highlight the urgent need for firms to bolster their cyber defences.
In January 2020, French contractor Bouygues fell victim to a ransomware attack that temporarily shut down and cut off some of its critical computer systems. The Maze ransomware gang claimed responsibility for the attack by posting online a 1.2 gigabyte file containing vital Bouygues data. The attack came just days after Maze struck Canadian contractor Bird with a similar attack.
The following May, in two separate incidents, two UK-based hospital construction companies, Bam Construct and Interserve, were each targeted by a cyberattack that shut down some of each company’s computer systems. And after Russia invaded Ukraine in February 2022, Construction Dive reported about increased warnings that Russian-led cyberattacks were poised to target construction firms.
The rise of cybercrime in construction should have all industry leaders on notice. But before they can bolster their firms’ cyber defences, it is important that they first understand what proper cybersecurity looks like.
Cybersecurity is the art of protecting networks, devices and data from unauthorised access or criminal use, according to the Cybersecurity & Infrastructure Security Agency, as well as the practice of ensuring confidentiality, integrity and availability of information.
There are several diverse ways organisations should conceptualise their cybersecurity. To ensure that construction companies are as protected as possible from cyberthreats, it is critical that their defences include each of these cybersecurity elements.
Network Security: This is being able to protect data from unauthorised users via an organisation’s computer network. It includes an organisation’s firewall, email security, antivirus measures, anti-malware security and data loss prevention.
Information Security: This element protects an organisation’s critical business information from destruction, disruption and alteration; it includes an organisation’s cloud security, cryptography, vulnerability management and incident response.
End-User Behaviour: This component ensures that an organisation’s end-users (employees, contractors, etc.) are properly educated on the individual behaviours needed for security best practices. This includes knowledge of the several types of cyber threats, including phishing scams and actions required to guard against such threats, like device security, password creation and physical device security.
Infrastructure Security: This consideration is meant to protect critical information from corruption, sabotage or terrorism. It includes aspects such as network infrastructure, data centre protection and security, as well as managing power, cooling systems and water supplies for these physical assets.
Understanding these cybersecurity basics is a critical first step that construction leaders need to take to start to shore up a firm’s cyber defences.