Construction projects are large and complex undertakings. With construction companies managing multiple projects, with dozens of stakeholders collecting, processing and sharing sensitive data, it’s easy to see why the construction industry has become the number one target of ransomware attacks.
This is especially true for contractors who still use a combination of manual processes, different software solutions, and on-premises data storage to run their operations, as cybercriminals often view these companies as ripe for the picking. While modern cloud-based software solutions and workflows tend to be well protected with the latest data and cybersecurity measures in place, legacy systems and workflows are much more difficult to protect properly, providing many potential opportunities for a breach.
The consequences of a data breach are far-reaching. In most cases, business disruption results in long-term loss of revenue and reputational damage. The cost alone can be crippling with breaches carrying an average price tag of $4.24 million per incident. Even knowing the problems a cyberattack would create, many construction companies think “it would never happen to us”, until it does.
When the unthinkable happens
In September 2020, ER Snell Contractor, Inc. learned firsthand that a data breach can happen to any organization. It was a moment Justin Snell, the company’s vice president of technology, will never forget.
“The Sunday before Labor Day, we started getting alerts that our anti-virus software was disabled, which was impossible,” Snell said. “Upon closer examination of the network, we could see that the files were encrypted, and by the time we realized what was happening, all of our servers had been hacked. The next morning I was on the phone with the FBI. It was surreal.”
At the time, 90% of ER Snell’s software system was on-premises and 10% was hosted in the cloud. Cloud and on-premises servers were backed up daily. “In the event of an emergency, we relied on having access to these backups to initiate our recovery plan,” Snell said. “Unfortunately, in addition to encrypting our on-premises servers, hackers deleted almost all cloud backups.”
Hackers were also able to compromise an employee’s email account, place a keylogger on the on-premises email server, and gain administrative access. Through a chat service, the hackers then demanded a ransom payment via Bitcoin.
Within 24 hours, ER Snell had hired an incident response team and an attorney. Fortunately, the company was prepared with cybersecurity insurance and able to file a claim quickly.
ER Snell also engaged Trimble Viewpoint to help move its Vista ERP to the cloud and to the Trimble Construction One connected solutions suite. “The Viewpoint team immediately stepped in to help,” Snell said. “They understood the seriousness of the situation and within days they moved the data and put everything in place so that we could continue to work. All of our critical services were restored within a week.”
Multi-factor authentication was also implemented on all critical accounts, including email. During these processes, all backups held for ransom were recovered, giving ER Snell the freedom to ignore ransom demands.
Although ER Snell avoided paying the ransom, the company was far from spared by the attack. Insurance and improvement costs were paid, in addition to several days of lost work. Because software was unavailable, several departments had to turn to manual processes that required excessive time and resources. During the three weeks of triage, ER Snell hired an outside accounting firm to rebuild five months’ worth of data and an outside computer company to rebuild over 200 computers. From start to finish, it took three months to completely piece together all the missing data.
Snell recalls that 2020 was the first year the company invested in a cyber insurance policy. “I was a policy advocate and luckily our carrier insisted we needed it,” he said. “It goes without saying, but we will definitely offer cyber insurance in the future.” Although cyber insurance is recommended and is an essential safety net, it will not prevent cyber attacks. As primary targets, construction organizations must take other measures to reduce the likelihood of a successful attack.
Leveraging the Cloud to Mitigate Risk
Since the attack, ER Snell has made several company-wide adjustments. One of the biggest changes was moving 80% of its systems to the cloud and keeping only 20% on-premises. Looking back, it’s a change Snell wishes the company had made much sooner.
“Entrusting our data to Trimble Viewpoint’s Vista in the cloud is an insurance policy in itself,” he said. “It doesn’t make our business bulletproof, but it mitigates a lot of the risk. We now have peace of mind knowing that our data is more secure in the cloud with encrypted user-level authorization controls, single sign-on, and multi-factor authentication.”
In addition to moving to the cloud, Snell recommends a written disaster recovery plan that is regularly reviewed and tested. “It doesn’t have to be complicated,” he said. “We do an annual in-depth review of our plan, but also do monthly and quarterly reviews and DR tests where we simulate shutting down all our servers and restoring backups.”
Best practices for construction cybersecurity
By planning and investing in proper security, the risk of cybercrime can be mitigated. Here are four things construction companies can do now to protect themselves against cybercriminals:
1. Stop taking the bait: Simply clicking on the wrong link or attachment can cause ransomware to download onto a computer. Triple-check all emails with strange email addresses, URLs or requests.
2. Continuing Education: Build a culture that is constantly aware of data security. Employees should be on the lookout for threats when they open every email, visit every website, and perform every action on their computing devices. Organizing training sessions and showing employees exactly what to look for is a big step in avoiding a cyberattack.
3. Passphrases, not passwords: Cracking employee passwords is one of the most common ways cybercriminals gain access to company data. To increase security, employees should use a full phrase when creating a password. Including spaces between a minimum of four words is a good start, but to make it even more complicated, try adding case-sensitive characters, numbers, and words. By lengthening and complicating this form of security, hackers will have a much harder time getting through.
4. Multi-factor authentication (MFA) on high-value assets: Enabling MFA on all assets is ideal, but at a minimum, ensure that all high-security logins require employees to verify their identities in multiple ways.
When a cyberattack happens, the clock is ticking. Cybercriminals are known to attack businesses more than once, especially when they were easy to exploit the first time around. Any business that doesn’t have a plan in place is only making the hacker’s job easier.
“Cybercrime is more organized than it’s ever been,” Snell said. “We do everything we can to mitigate the risk, but it never goes away and we don’t want to be an easy target. Imagine a thief entering a parking lot and checking the doors of a car. He can check 10 car doors and get lucky with an unlocked car. You don’t want to be the one unlocked. Education and continued investment in cybersecurity is paramount. Looking at why we were targeted, it makes perfect sense that a construction company might not have the best security protocols in place, but today it does.”