As the largest industry in the UK, construction is now facing a hidden threat – cybercrime. It is now the fourth most targeted industry in the UK with 46% reporting attacks in the past year, up from 40% the year before.
As the industry quickly becomes more advanced in the way it works, with a greater reliance on remote systems, contractors and sub-contractors to architects, engineers and surveyors, all have access to IT platforms in a way that is unique to the construction sector, and this leaves them open and vulnerable to attack.
And yet, according to the Department of Department for Culture, Media and Sport’s Cyber Security Breaches Survey 2021, construction didn’t fare as well as other sectors when it comes to how much importance it attaches to cyber security, with construction at 64% versus 77% of businesses overall.
And only 5% of construction firms give staff awareness training.
Detective Superintendent Paul Lopez, Director of the Eastern Cyber Resilience Centre (ECRC), said: “Like the majority of sectors, the construction industry is becoming more technologically advanced with the creation of new applications and tools that are changing how companies design, plan, and execute projects. Throw remote working into the mix, then you have a hotbed of online programs and software that cyber criminals have potential access to.
“As it has moved quickly to adapt to new ways of working more efficiently, the focus on cyber security has lagged behind and yet with so many elements at risk – stored data, the supply chains, procurement processes – these all provide pressure points in their systems’ weaknesses.”
Phishing, ransomware, malware and identity theft are just a few tactics criminals use to target their victims. With the construction industry contributing almost £90 billion to the UK economy and comprising over 280,000 businesses, there is plenty of scope for an adept cybercriminal to achieve a successful attack. And the consequences are hugely impactful, causing financial damages, disruption to trading or even the loss of contracts and reputational damage.
James Clark, an independent quantity surveyor at Clark Cost Consultants Ltd, adds: “As a sector we are working in a much more progressive way in regards to the technology we use, processing and storing more and more data about clients, employees, colleagues and assets.
“Cyber security is as important as the building projects we work on. I have received many suspicious emails over the last few years that ask for personal information and they are increasing with worrying frequency. Investing in cyber security and a data protection plan is not just something we can do; it should be a critical part of our industry’s processes.”
Detective Superintendent Lopez offers his tips to businesses on how to stay better protected.
Back up your data regularly and keep it separate from main systems
Use strong and unique passwords and avoid using the same one for multiple accounts
Enable two-factor authentication to make it impossible to get into an account with a password alone
Check all devices (including mobiles) have been installed with the latest software updates
Secure your Wi-Fi network
Invest in cyber security training sessions for you and your staff
Keep auditing your security practices
The ECRC is encouraging businesses to join the organisation to improve their cyber resilience and awareness, with its free core membership.