New cyber risks in the construction industry

No industry is immune to cybercrime: if you use a computer system (regardless of how often, its size or its sophistication), your business could suffer an attack. It follows that the more computerized technology you use, the more vulnerable your business could become to things like ransomware, spear phishing scams, cyber fraud, and digital hijacking. As construction and contracting technology is used more frequently on and offsite, cyber risks in construction continue to grow.

But is this reason enough to ditch your digital tools? Perhaps not. Given the boost in safety and efficiency that technology can bring to a construction project, it might make better sense to get familiar with the growing cyber risk in construction, and then consider how best to manage it before you swear off the technology altogether.

How does cybercrime target construction companies?

The digital revolution is a double-edged sword for construction companies: robotics, file sharing, and imaging software can help your business reach new heights, but they can also open the door to tech-savvy rogues. Some of the most targeted construction and contracting assets include:

  • Designs (like architectural and engineering drawings).
  • Intellectual property (like design rights).
  • Financial information (from corporate accounts, and customer and vendor accounts).
  • Personal information (employee names, Social Insurance Numbers, and bank account data).
  • Files or account information that could be held for ransom.
  • Infrastructure (smart technologies make physical buildings digital targets).

Financial loss is a major concern when it comes to cybercrime, but it’s not the only potential consequence. You could also lose your advantage as an industry-leader if proprietary designs or other R&D assets are leaked, and “smart” devices in your buildings could beckon hackers who may hijack them for their own purposes.

The digital revolution is a double-edged sword for construction companies: robotics, file sharing, and imaging software can help your business reach new heights, but they can also open the door to tech-savvy rogues.

More connectivity means more weak points

New digital tools are helping construction companies work more safely and efficiently, and while only around 30% of construction and contracting businesses are currently making use of robotics and automated systems, that number is likely to grow.

The downside is that major advancements in digital connectivity have left the construction industry particularly vulnerable to cybercrime. Remotely accessible systems, like Building Information Modeling (BIM), project management software, and autonomous vehicles can create more opportunities for cyber criminals to breach your defenses. Once you adopt integrated robotics to assist in builds, drones to monitor worksites, and Internet of Things (IoT) technologies for your structure, you could be exposing reams of data without realizing it.

Hackers can use one contact to gain access to many

Whether you’re a small business, mid-size company, or nation-wide construction corporation, a leak of information could mean the end of the road for your operations. In some cases, a hacker will target the account of a contractor or subcontractor in order to gain access to their clients.

However, the problem can come from within your organization, too. Consider the case of Turner Construction: after an employee mistakenly forwarded sensitive tax and earnings info to a fraudulent email address, all of the company’s 5,600 North American employees were affected – potentially exposing them to identity theft.

Cyber myths to reconsider

When it comes to cybercrime, there’s a lot of information out there, and not all of it should be trusted. First off, the belief that cyber attacks only hit large companies is a dangerous misconception, considering that nearly half of cyber attacks target small businesses. A 2017 Ipsos survey has also returned a startling statistic: half of all Canadian C-suite executives and almost 25% of entrepreneurs report that they experienced a cyber breach in the past year.

Money is clearly a major motivation for hackers and other digital deviants, but that’s not the only prize worth fighting for. In some cases, espionage or extortion are used for social or political gain, but for others it’s simply the notoriety that comes from carrying out a major, widespread cyber attack. The fact is that many construction companies will fit the bill for cybercriminals – whether the goal is money, espionage, or fame – due to the depth, sensitivity, and value of the business’ data.

What’s your next move?

Knowing the risks is important, but reflection will also help you improve your risk management. In order to be able to protect your business, you’ll want to put some thought into which aspects of your business operations may seem most attractive to a cybercriminal. This is no small feat; any business will need to put in some time and research to come up with a good understanding of their vulnerabilities in order to build up a strong defense.