Dec 3, 2021
113 Views
0 0

Tech adoption makes construction industry top target for cyberattacks

Written by

First published on
The construction industry is an increasingly appealing target for hackers. Recent examples include Bouygues Construction, a French contractor, falling victim to a ransomware attack in 2020. That same hacker gang, Maze, hit a Canadian construction contractor before its attack on Bouygues.
While large companies generate more revenue to attract hackers, small companies in the construction industry remain just as appealing targets for hackers, according to the NordLocker report. 
That’s because these smaller companies usually do not have the same cybersecurity checks in place as larger businesses, making them easier targets for ransomware attacks, according to Oliver Noble, cybersecurity expert at NordLocker.
Bobbi Bookstaver, director of information security at Boston-based Shawmut Design and Construction, said construction firms need to have a plan in place before they become the next target. 
As a part of its cybersecurity strategy, Shawmut conducts extensive training with each employee upon hiring, during the year, and again if they click on a phishing simulation to ensure they understand how to identify a suspicious email and what to do about it, said Bookstaver.
“With no singular solution to prevent an attack, the defense strategy should pair technology with a robust communication campaign to drive awareness and education and provide the tools to act swiftly in the event of an attack,” Bookstaver said. “Proactive preparedness and a detailed cybersecurity strategy built on industry-leading technology, best practices and stringent training programs create a leading-edge defense strategy.”
As more buildings have technology built into them, they are also becoming targets, said Katell Thielemann, research vice president at Gartner. 
“It’s very likely that we will see the emergence of siegeware following the current rash of ransomware,” said Thielemann. “This is because the moment buildings become connected, they become cyber-physical systems. And construction companies and building owners now have to face an entire continuum of cyber and physical risks and threats.”
In other words, cybercriminals are now mixing the concept of ransomware with hijacking a building’s automation systems. Video cameras widely used in buildings are “notoriously some of the most vulnerable systems out there,” said Thielemann.
“IoT devices — asset tracking, worksite security, machine control, wearables, etc. — are typically the most vulnerable, as these devices often were not designed with cybersecurity in mind,” said Bud Broomhead, CEO and founder of Viakoo, a Mountain View, California-based IoT security provider. “Special attention should be paid to surveillance devices, like IP cameras, as cybercriminals can use those devices for recognizance operations to observe behaviors, examine materials and plan attacks.”
Other emerging threats are also on the horizon. These include thinking about how construction sites can prevent remotely piloted drones from exfiltrating data or interfering with site work. If these devices are GPS-connected, contractors should think about how they can prevent jamming or spoofing, said Thielemann.
“Often, leaders in asset-centric industries think of cyber risks as something only technology or e-commerce centric businesses should worry about,” said Thielemann. “But they should take a step back and think about how their business would work without connectivity. All these assets are now cyber-physical systems and they are core to everything they do.”
Follow on Twitter
Get the free daily newsletter read by industry experts
Insurers joined high-profile CEOs at the White House summit last week to discuss how to improve national cybersecurity. For one insurance CEO, the industry needs three points of improvement.
More than 80% of developers knowingly release applications with insecure code, but experts say security and development don't have to be at odds.
Subscribe to Cybersecurity Dive for top news, trends & analysis
Get the free daily newsletter read by industry experts
Want to share a company announcement with your peers?
Get started
Insurers joined high-profile CEOs at the White House summit last week to discuss how to improve national cybersecurity. For one insurance CEO, the industry needs three points of improvement.
More than 80% of developers knowingly release applications with insecure code, but experts say security and development don't have to be at odds.
The free newsletter covering the top industry headlines

source

Article Categories:
Cybersecurity News

Comments are closed.