Ransomware targeting construction firms

by | Dec 15, 2021 | Business, Cybersecurity

While most medium-size construction operations are deeply reliant on technology, investment remains low compared to other industries. Over the years, we gained insight into some of the common problems with regards to IT that plague the sector, and we have some simple and easy to implement solutions to help navigate these challenges. 

IT is perceived as a general expense  

Technology needs to be valued as critical to success. IT can drive operational efficiency, market competitiveness and innovation (drone video of job sites, remote tablets for ERP etc.). 

Consider how technology can scale your business. 

Reliance on break-fix IT or an internal employee with little formal training (i.e., Controller / IT Manager aka “the slash”). 

The break-fix model of IT management is not a sustainable way to run a business. This approach does not include long, medium, or short-term planning or budgeting. If you are managing IT in-house, get an outside perspective. You need to be aware of risks of any size. An outside perspective can come in the form of a third party IT assessment.  

Break-fix IT management is as it is named: something stops working and the user contacts the IT company or person that they have on call or on staff. Break-fix is a putting out fires practice that leads to perpetual problems popping up, technical debt, as well as employee churn, poor productivity, and a lack of process. IT is an integral part of almost all businesses and a lack of process results in many business risks including cybersecurity. 

construction IT

Source: Datto

Minimal employee cybersecurity awareness training 

It is our recommendation to offer up-to-date cybersecurity training to all office employees. 

Consider the risks and ask yourself: 

  • What is the size and volume of your financial transactions? 
  • How old is your hardware? Are you using out-of-date software? 
  • Calculate the cost of downtime and include the cost to recover all data in the event of a ransomware incident.  
  • Can you attract and retain the best employees with suboptimal technology? 
  • How much do lost opportunities cost you because you are falling behind your competition?According to eSub Construction Software, “The transition to technology is one of the top issues facing the construction industry in 2022, but it can also shape the future.” 

Here is an interesting perspective. Construction businesses are taking their time getting up to speed with IT. Yet, if you consider that 100 years ago the nail gun, circular saw, and cement mixers didn’t exist. These are important tools to the trade. The advent of these products was considered “technology” when first introduced. 

IT is no different, this is especially so with construction-specific software, communications, document storing, sharing, and viewing and so much more. 

The shift: Technology is making the construction industry much more connected

The construction industry is now starting to make the shift towards technology and automation due to the rapid growth in communication and document sharing, data and use of the internet on-site. An increasing number of tradespeople are using portable technology out in the field. 

These technologies are transforming planning, design, construction, operations, and the maintenance of the building process. With good technology investment the impact is positive on outcomes of projects in terms of time, costs, quality of work, and overall productivity. 

Keeping up with the shift toward digitization is important. Automation to do with robotics, 3D printing and better made tools will propel the haves forward and leave the have-nots behind.

Cybersecurity specific to the construction industry 

Cybersecurity is currently the major concern. Industry research and studies have proven that there continues to be a major under investment in training and dollars directed toward security. Although hardware, software and how one connects to the office or the internet all matter, the primary weakness in cybersecurity is in the ability of the user.  

There happens to be a long history of under investment in this sector towards technology, and training.

Cloud-based email breaches cost the North American construction industry over $2 billion during 2018-2020. 

Besides password compromises, there are several other tactics that hackers use to infiltrate companies. They include: 

E-mail phishing. Techniques include email spoofing, where fraudsters pose as trusted email senders asking recipients to click on links enabling them to gain access to data. 

Domain name impersonation. Attackers purchase a domain name similar in appearance to a company’s or vendors. Changing one letter to a similar number is a favourite go-to practice currently. View email addresses carefully. 

Name dropping. Bad actors will create email addresses that appear to be a CEO’s personal address, then ask an employee, for instance, to buy gift cards to a given address. 

Unauthorized access. Hackers gain unauthorized access to a company or vendor email and use the compromised legitimate mailbox to send email messages. The hacker is in control of the outgoing messages being sent. This happens all the time and can be costly. 

Password guessing. Hackers possess tools to guess passwords. Hackers know and try common passwords like Superman123. Remember the Ashley Madison hack several years ago? The top passwords were, Superman, Superman123 and the top-three were, “123456,” “12345,” and “password.”

Many of the hacks and breaches have originated from users not being vigilant with passwords, clicking on bad email messages or careless connectivity when out in the field. 

Learn how we can help support your construction firm