Here at the Eastern Cyber Resilience Centre, we have seen that the construction industry has shown a significant reliance on technology over the last decade. There have also been seismic shifts in relation to project delivery and how organizations operate. From office operations to activities on-site, technologies such as cloud storage, email and smartphones are commonplace.
Digital tools, such as Building Information Modelling (BIM), are becoming increasingly commonplace at the design stage, along with technology such as 3D-printing, remote building monitoring systems, brick-laying robots, and other automated techniques. It is quite clear that the sector is unquestionably operating in a modern, digitized and connected way.
But as the industry progressively embraces modern technologies it cannot afford to ignore the corresponding risks. If unmanaged, cyber risk ultimately threatens to outweigh the benefits gained from continued technological advances. It is a common misconception that because the industry doesn't regularly deal with personal data that it is not a target for cyber criminals. But unfortunately, this is not the case. The industry presents a wide range of attractive opportunities for cyber criminals.
From controlling critical services, to the theft of trade secrets, there are many reasons that a construction sector organisation could fall victim to cyber-crime. Tracking cyber incidents can be tricky, especially as a lot of incidents still go unreported. And while the construction sector may experience cyber-crime, unless a breach conforms to strict reporting requirements, the majority will not be publicised. This lack of knowledge-sharing can lead to underestimates of the true nature and scale of cyber exposures. And if the industry is unaware of common vulnerabilities, it presents low-hanging fruit for cyber criminals.
The only way to really know is to pressure test your site. But do you really want to know? Nothing bad has happened so far and if you don’t know about it then surely you can’t be guilty of not fixing it?
Ask yourself these questions:
The ECRC offers members affordable web application vulnerability assessments. We work with university students who conduct the testing and provide you with a detailed report, but explained in plain English, so you understand what the risks are and what you need to do to fix them. Find out more here.
The impact of a successful attack against your website or network can be catastrophic and lead to website downtime, loss of business and loss of reputation. In the worst cases it can lead to the closure of the business altogether. But all is not lost.
Reporting Cyber Crime
Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).
Click to Open Code Editor