In the last few years, cybersecurity has become a big issue in the construction world. Contractors are vulnerable and easily targeted by hackers, with ransoms and work stoppages costing millions of dollars.
In Part 1 of this series, we discussed why construction companies are so frequently targeted by cyber-attacks. In this article, we’ll show you what to do when you are attacked and how to set up a cybersecurity program for your company that will help prevent these attacks.
If you haven’t hired a cybersecurity consultant before you get hit with an attack, you will definitely need one when you do. A probable course of action a consultant would take would look something like this:
Unless you have your data backed up where the cyber-criminals cannot get to it, you’re likely going to have to pay the ransom. But it can be negotiated.
“I have yet to pay full price for ransom,” says Nick Espinosa, chief security fanatic at the cybersecurity firm Security Fanatics. “Last year we had an AEC (architecture, engineering and construction) firm, get hit with a ransom for $5 million, and we got it down to $1.2 million. I had a small mechanical contractor get hit for $85,000 We got them down to $10,000. So you can negotiate these things.”
Negotiations often give cybersecurity contractors time to figure out the hack, plug the holes and rebuild the system as well, says Espinosa. And once the system is more secure, there is more incentive for the hackers to lower their demands. “There's an entire methodology we use and it makes for some interesting conversations,” he says.