One of the world’s oldest industries faces increasing attacks from a 21st century threat.
Construction has been practiced since early man could form permanent shelter and unlike most other industries it has up until now resisted digitization.
But a cybersecurity expert fears as the construction industry modernizes, threats from hackers will increase directly or indirectly.
In September 2017, Edmonton’s MacEwan University lost millions of dollars after school staff unknowingly altered payment information in an online scam targeting the educational institution. A series of fraudulent emails convinced university staff to change electronic banking information for Clark Builders, one of the university’s major vendors.
Other recent high-profile incidents, such as the hacking and release of millions of Equifax and Uber documents, show the vulnerability of current computer systems.
With the rise of Internet of Things networked connected devices, companies open themselves up to a new form of threat from malicious hackers, said Cytelligence Inc. CEO Daniel Tobok.
He used a hypothetical network-connected crane as an example.
“Up until now, it’s been 90 per cent human error, either accidents or machines malfunctioning,” Tobok said. “It (an attack) could hurt the operator, or people on the ground, or control of the crane could be put up for ransom.”
Tobok’s clients in the mining industry, he said, have already experienced hacking attacks with intrusions turning cameras on and off onsite and in some cases computers taken over and held for ransom.
The mining industry implemented more technology seven to eight years ago, he said, and now threats are beginning to emerge.
While the popular idea of a hacker is still a teenager causing mischief from a basement, Tobok said, in 2017 “it’s 100 per cent organized crime.”
Prevention, he said, is contingent on companies acting proactively to combat the threat.
“Don’t let them enter; make sure your systems are secure. Invest more in security. Hackers aren’t trying to just break your firewall,” Tobok said.
Physical threats are not the only point of concern for the construction industry, he added.
“Construction projects are all about bids and pricing, so there are espionage threats. People want access to that information,” he said.
Small and even large construction companies can also be easy targets for hackers, Tobok added.
“It’s easier to hack a construction company than a municipality. If that happens, it’s usually state sponsored,” he said.
Looking further into the future, robotics is an emerging threat vector. While the industry is not yet employing robotics on a large scale, trends indicate more automation in construction.
“We’re a little bit away from that happening, but with more machines, you have more of a threat,” Tobok said.
One source of optimism for the construction industry, Tobok said, is the emergence of new, younger management as the previous generation begins to retire.
“Management is getting younger, which means they understand security better,” Tobok claimed.
Current managers have a profound understanding of physical safety on and off the worksite, he added, but the digital world is not something they had to previously deal with.
While Tobok was reluctant to pigeonhole older managers as not being as tech savvy, “in construction, they just haven’t come from that background. Some of my biggest clients are large construction firms, and they don’t yet understand the digital world or the ease with which data can be deleted.”