Cybercriminals have recognised the potential for rich pickings in the construction sector as it continues to expand the use of digital solutions and automation.
Within four months this year, four major UK contractors were the victims of sophisticated malicious attacks targeting their systems.
As construction embraces digitalisation and automation, the risks from costly and damaging cyber attacks rise exponentially. Last year, almost half (46%) of UK businesses experienced a cyber security breach, with that figure rising to 68% for medium companies and 75% for large firms.
There’s no doubt that construction is investing more in cyber security than ever before, but companies need to understand that effective protection is reliant on a security culture across the entire business, not just the technical protection that IT teams have installed. Over 80% of successful cyber attacks are from phishing, whereas the incidence of virus or malware attempts has dropped significantly in recent years to around 15%. Phishing relies on human error or misjudgement, its crucial staff are aware of the risks and work in a culture that operates best practice for password security and information sharing.
Construction companies must also look beyond their own teams to ensure that a cyber secure culture runs throughout their supply chain partnerships. The use of shared digital platforms and software solutions across project delivery means that your business is only as secure as the weakest link in the supply chain.
Large public sector infrastructure projects are increasingly demanding evidence of robust cyber security arrangements and corporate policies. The Government backed Cyber Essentials certification is mandatory for most public contracts as reassurance that appropriate basic measures have been put in place to protect from cyber attack.
The onward march of automation presents another opportunity for cybercriminals. Any machinery that has to connect to a network and is part of the ‘internet of things’ becomes a potential door into corporate servers and all the data that resides there.
The industry needs to collaborate on cyber threat and share experience and information to mitigate the risk for everyone. In the analogue age, we used to say that car thieves were so good that they could crack a new car alarm within hours of it coming to market. In this digital age, the best way to keep up is by instilling a cyber secure culture across the organisation and it’s supply chain partners to mitigate the risk.