_________________________________________________________________________________________________ Cyber security technology solutions , most of these companies operate end-of-life ( EOL ) operating systems using inadequate firewalls without sufficient baseline security controls in place . In 2022 , K2 Integrity was retained by a US property management and construction company that had suffered a data breach and owed ransom to an unknown threat actor . K2 Integrity ’ s investigation determined that one of the construction company ’ s third-party vendors was behind the incident , constituting an insider threat , and that the vendor was acting under the guise of the construction company to successfully extort clients , including the construction company itself , for financial gain . The information technology assessment conducted by K2 Integrity after the investigation found that poor access management and weak cybersecurity controls at the construction company resulted in unauthorized access by the third party .
Preventing disruption
According to Cybersecurity Ventures , in 2021 , construction-related companies were among the third most common industries to experience ransomware attacks that year , with 13.2 percent of firms reporting at least one attack . And the construction industry continues to be named as one of the most targeted industries , with manufacturing and industrial sectors experiencing the most ransomware and extortion incidents , according to the 2023 Q1 KELA Cyber Threat Intelligence report .
Construction companies now have the burden of ensuring the integrity of data is preserved and its availability is managed with proper access controls . As the industry shifts from traditional legacy information technology ( IT ) to digital acceleration plans , its cybersecurity standpoint needs to evolve from perimeter-based to data-oriented and risk-based . Advanced network design , segmentation , robust detection , and appropriate incident response are among the initiatives that need to be deployed to minimize the business impact of a cyber
incident . Not all construction companies are equally vulnerable to cyber-attacks given the nature of their business , access to information , and reliance on advanced technologies ; however , without a proactive stance on cybersecurity , the construction industry remains susceptible to security incidents .
As the construction industry continues to grow , it must also ensure that its cybersecurity defenses are bolstered to prevent project disruptions , delays , and financial losses . K2 Integrity is prepared and ready to assist construction companies from both a proactive and reactive standpoint when it comes to cybersecurity concerns . ■
For a list of the sources used in this article , please contact the editor .
Margaret
Rose and Bradley M . Sussman www . k2integrity . com
Margaret Rose is a Senior Director and Bradley M . Sussman is a Senior Managing Director , at K2 Integrity . With construction projects requiring significant investment of both time and financial resources , K2 Integrity ’ s construction and real estate risk management team works in lockstep with clients to safeguard their investments . K2 Integrity ’ s construction and real estate service offerings include but are not limited to pre-construction contract advisory services , project procedure reviews , financial forensic accounting investigations , legal and regulatory advisory services , as well as on-site security , safety , and workforce control policies .
construction-today . com 15