Blog

Get the inside scoop with LoginTC and learn about relevant security news and insights.

Architecture And Construction Firms Are Extremely Vulnerable To Cyber Attacks. Here’s How They're Responding

March 11, 2021Joel Balsam

Think cybersecurity is only for companies like Amazon, Equifax, and Sony? Think again.

According to a recent analysis of nearly 500 ransomware attacks, healthcare and professional services are the #1 most targeted business sectors, representing 67% of all attacks. And that includes a growing number of architecture and construction firms.

In 2019, attackers demanded $9 million from Canada’s Bird Construction in exchange for seized data, according to Cybersecurity Insiders. In January 2020, attackers got a hold of 200GB of critical data from France’s Bouygues construction firm and wanted a pay-out of €10 million.

Overall, cyberattacks will cost an estimated $6 trillion in damages this year and $10.5 trillion by 2025 — and that’s only been amplified by coronavirus as more and more companies are operating remotely. Greg Fait, director of enterprise infrastructure at Perkins and Will, says that his architecture firm has been under a barrage of attacks since the pandemic began.

“At this time, we are seeing a significant spike in phishing and cyber-attack activity,” he told Architectural Record.

The Changing Way Of Doing Business Makes Companies Vulnerable

For the most part, gone are the days when plans were drawn up on paper and stuffed into a filing cabinet. Critical strategies are composed online, using digital software, and shared through the cloud to employees, clients, and subcontractors connected to potentially dozens of different Wi-FI networks — all that makes companies vulnerable to severe cyber attacks.

Picture being a construction firm and having your automated machinery hacked, risking the safety of your workers? Or what about being an architect and losing access to the smart technology that locks the doors in a client’s office building or home, opening them up to theft, or worse.

Aside from costing millions of dollars as well as the privacy and well-being of clients, cyberattacks could impact or even end any company — more than half of small businesses went bankrupt within six months of an attack, according to a 2017 study.

  • Breach of intellectual property — If highly sensitive blueprints or strategies are stolen in a cyberattack, it could lead to irreparable harm to a company’s reputation or lawsuits — a 2019 survey found that 81% of consumers stop engaging with a brand online after a data breach.

  • Potential lawsuits — Governments or clients with highly sensitive data will not appreciate the loss of private information, to say the least, and could end up suing.

  • Loss of competitive advantage — Having bid strategies leaked to competitors could put an end to any edge a business may have had.

  • Deadlines missed — Even if a company manages to recover from a cyberattack, it’ll undoubtedly cause delays to the all-important project delivery date, potentially costing millions as well as future work loss.

How Architecture and Construction Firms Are Protecting Themselves

The good news is that the architecture and construction industries are already aware of their vulnerability and are getting smarter about cybersecurity every day. One of the best ways to do that is with proper online hygiene, which involves clever, unique passwords when logging onto company networks.

But according to Reeny Sondhi, vice president of architect and construction software company Autodesk, companies need to do more, including the deployment of a cybersecurity strategy that utilizes 2-Factor Authentication.

“It’s a joint responsibility,” she told Architect Magazine. “Setting strong passwords, using 2-Factor Authentication, and using federated identity and single sign-on reduce the risk of stolen passwords.”

Industry website Construction Exec echoes the same response, writing that companies need to be asking themselves: “Are mechanisms in place, such as Multi-Factor Authentication, to mitigate the exposure when people make mistakes?”

If your firm is asking itself these questions about cybersecurity, it isn’t too late.

Get started with a 15-day free trial now.