Is Construction the Next Big Cybercrime Target?

Credit: NordVPN | Teams

By NordVPN | Teams

The construction industry may not appear to be an obvious target for cybercrime, but it garners unwanted online attention just like other sectors. According to the Cost of Data Breach Report 2020 by IBM, the average cost of a data breach in the industrial sector was $4.99M.

GlobalData, a data research company, predicts that the industrial sector’s value will soar to $12.9T by 2022. After rising consistently by 3.6 percent since 2018, it has now caught the eye of cybercriminals. Over half of all construction executives believe their firms will be hit in the future, yet worryingly, 68 percent of firms have no security measures in place.

The industry’s vulnerabilities were exposed on both digital and operational levels recently, as cybercriminals attempted to compromise water treatment plant networks and poison the water supply in Florida. Most devices had a basic network connection, meaning heavy machinery could’ve been commandeered, leading to disastrous consequences.

IBM’s X-Force Threat Intelligence Index 2021 has observed a 49 percent annual increase in industrial control system (ICS) attacks.

Other cybercriminals may aim for digital assets transferred or stored insecurely. Workers are increasingly dependent on digital tools in everyday operations. Innovative building firms employ Building Information Modeling as a central database for blueprints, designs, and other assets. BIM is also used for collaboration with stakeholders from different building-related areas. Using devices and construction tools that are connected, workers can update BIM in real-time, improving communication and efficiency. The amount of end-point devices mean the risk of exposing sensitive information is extremely high.

Data breaches primarily affect company processes, resulting in prolonged downtime and operational disruption. Verizon recently found that only 5 percent of data breaches are caused internally, whereas external factors cause 95 percent. Security teams should implement segmented network solutions such as Virtual Private Networks to strengthen their corporate IT infrastructure.

How to Protect Corporate Network and Data

  • Secure mobile workforce. Remote-working is relatively commonplace for builders shifting between different construction sites. If workers need assets from the cloud or a corporate network, make sure they’re accessing them via an encrypted and secure VPN
  • Establish a protected network. Building projects rely on teams constantly communicating with each other. All manner of different assets pass through networks that are often unprotected. A business VPN puts all workers and building sites within a secure software-defined perimeter and safely protected from outside threats.

It should also be established whenever construction ceases. Connecting smart sensors to a VPN will hide the network and protect it against cyberattacks.

  • Check your third-party stakeholders. Building developments involve contractors, sub-contractors, architects, consultants, and clients — all parties communicating regularly.
  • Ensure general cybersecurity. Some business VPNs provide custom gateways for different teams and branches. It enables access to cloud resources or company servers but directs traffic from other building sites separately. Contractors are also responsible for installing and setting up smart control systems on their network. It’s their responsibility to maintain security, regularly update default passwords, and lead by example for the rest of the industry. (Source)

Be the first to comment

Leave a Reply

Your email address will not be published.


*