Escalating materials costs, a limited labor pool and unavoidable delays are the kinds of challenges about which almost everyone in the construction industry will one day worry. But alarming new research from encrypted cloud service provider NordLocker reveals an all-new reason for concern—ransomware attacks.
Indeed, the analysis of 1,200 companies targeted for cyber extortion between 2020 and 2021 shows that of 35 industries, the construction sector suffered the most ransomware attacks. So what makes the construction industry such a tantalizing target?
“The reputation of firms in this industry is largely build upon on-time service delivery, which is at risk during any delays caused by ransomware attacks,” explains NordLocker cybersecurity expert Oliver Noble. “This factor, together with the industry’s razor-thin profit margins, provides the ransomware groups with conditions that make a payout more likely. Additionally, the industry could be a tempting target to ransomware gangs because of its relatively traditional business model, which is to a large degree yet to implement advanced cybersecurity solutions.”
While it might seem as though the bigger money associated with larger companies might attract more hackers, NordLocker identified 93 construction companies hit by ransomware attacks and found that cyber criminals are equal-opportunity extortionists.
“Small enterprises usually do not have the same cybersecurity checks in place as a larger business, making them an easier target for ransomware attacks,” cautions Noble. “That being said, major companies are still the preferred targets, as their deeper pockets and higher stakes make them more likely to pay up.”
Mitigating the risk: Tips to safeguard your business from ransomware
Despite the constant evolution of ransomware raids, NordLocker recommends a few ways to strengthen your company’s proverbial walls:
- Require your team to develop very strong passwords to access systems and consider adding multi-factor authentication.
- Perform periodic data backups and restoration processes, and ensure employees adhere to related policies. For optimal security, an encrypted cloud might be ideal.
- Employ zero-trust network access. In other words, be sure to verify the identity of any worker who requests access to digital resources.
- Train your staff to recognize and report phishing attempts, and exercise even greater caution when links or attachments are contained in an email.
Don’t let a ransomware hack take down your business. Instead, protect your profits with a bit of diligence and some simple techniques.