Why Construction Companies Need to Build Better Cybersecurity

You may be too busy building to notice the threat of cybercriminals. Yet the construction industry has become a more attractive target, especially given the industry’s high cash-flow nature.

Case in point – the 2013 Target breach stemmed from a HVAC contractor: http://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/

While not typically viewed as an early technology adopter, more and more contractors have been dabbling in digital to make their jobs easier. As a result, there are new inroads open to criminals—through computers, laptops, smartphones and even computer-managed “smart” equipment. “The focus of malicious actors on the construction industry is expected to increase significantly within the coming years as construction firms begin standardizing the integration of ‘smart’ devices and IoT devices such as thermostats, water heaters, and power systems,” says Alexander Heid, chief research officer at SecurityScorecard. “These new IoT devices will create a larger attack surface that previously did not exist.” What do these thieves want? Company secrets, client information, money.

If the assumption is that only “mega “contractors should worry, that’s exactly what the cybercriminals want you to believe. In reality, small and mid-size construction companies make attractive targets because they are more likely to lag behind with regard to online security. Their employees may also be more susceptible to phishing and typically lack awareness of their digital vulnerabilities. It’s probable that few construction companies have invested in adequate employee training either. This lack of online protection “is endemic to a number of industries,” says attorney Michelle Schaap of Chiesa Shahinian & Giantomasi in New Jersey, adding that with the exception of the financial and healthcare sectors, “many industries still have their heads in the sand.”  Need more convincing? How about the fact that more than 50 percent of all cyberattacks are on small businesses, with the average breach costing nearly $4 million.

Of course, you didn’t go into construction to take care of computers, and cybersecurity is definitely not a job for the do-it-yourselfer. Instead, rely on a security expert to help you not only establish safeguards against an attack in the first place, but also prepare an adequate response should one occur. If you’re unsure where to start, simply let your MJ contact know your concerns and we can provide supplier references, while also reviewing the kinds of insurance protection you should have in place to be fully protected.