How Construction Companies Can Defend Against Ransomware Attacks

The threat, scope and impact of ransomware attacks is growing. Egnyte’s analysis of existing customers found that companies in the architecture, engineering and construction sector were more than twice as likely to fall victim to these attacks. Andrew Martin, Senior Sales & Marketing Director EMEA at Egnyte, explains how companies can defend against ransomware attacks.

Ransomware is a serious problem for the construction sector, and given firms are schedule-driven, any successful ransomware attack that impacts work has a higher probability of being paid off by the victim. This creates a target-rich environment for potential attackers, with 1 in 6 construction companies having reported a ransomware attack in the past year.

In practical terms, ransomware is a technique used by cybercriminals to prevent their victims from accessing their own computer systems. One of the ways this is achieved is by infecting them with malware that encrypts data on target networks and then threatening not to remove it until demands are met. In most cases, the ransom is financial, with payment demanded in cryptocurrency, such as Bitcoin. Depending on the type of ransomware infection, denial of access to business-critical files could be permanent if the ransom is not paid, and for some unfortunate victims, even when the ransom is paid.

In many cases, ransomware enters the target network from a download delivered via a phishing email or link (often from a trusted source) with an enticement to click it, which then activates an executable file that unleashes the attack. This method is used because it requires the least effort on the part of the attacker. Other popular attack points include inadvertent downloads of malware from an infected website – sometimes executed by clicking, at other times by simply landing on the site (including social media channels).

Why are construction companies at risk?

So, why are construction businesses being targeted? The first reason is the industry’s distributed workforce which, in turn, requires distributed technology. This increases potential cyber risk, not least because organisations find it hard to provide strong security across every point in their complex networks. Others simply don’t have the experience or resources to guard against the risk of ransomware. And, the global pandemic exacerbated the situation, as companies rushed to move their onsite workforces to Work from Home, often prioritising productivity, speed and convenience over cybersecurity concerns.

The second reason behind the growth of ransomware in the sector is its economic sensitivity to project delays. Attackers know and understand that “time is money” in the construction industry so it is easier to take advantage of firms that would suffer large losses if a project is delayed.  Thus, paying the ransom may be a more likely outcome.

The foundations of effective defence

Despite these challenges, construction firms can take a range of positive steps to avoid being hit by a ransomware attack – and in the event of a successful attack – quickly recover:

1. Implement an Identity Management Solution – In the fight against ransomware, identity management is one of the leaders in helping to keep your data safe. A good solution will encompass various policies. Multi-factor authentication (MFA) prevents a single stolen username and password from enabling an attacker to gain access to an account. Single sign-on, which helps users gain access to company assets online, can block employees from accessing assets if a threat is detected. Effective identity management solutions also employ policies that govern behaviour to prevent attackers from impersonating legitimate users. While no security solution can guarantee to be 100% effective all of the time, a good identity management solution will encompass all of the above to ensure it is limiting the risk of ransomware.
2. Restrict access to data – Once a cyber criminal has access to the target system their goal is to take control of as many files as possible on as many computers and servers as possible. However, the more files that are restricted via limited access, the more difficult and time-consuming it becomes for the attacker, giving the organisation more time to identify and control the breach before their systems are immobilised.
3. Focus on ransomware recognition – This includes a range of automated techniques that can identify ransomware and mitigate its potential to do harm. Examples include unusual behaviour detection, as well as identifying the presence of a ransom note that sets out the threat to the system and the payment amount and procedures. Also important is ‘zero-day’ monitoring, which looks for a vulnerability that no one knows exists until it is exposed. Behaviour-based ransomware detection increasingly employs Artificial Intelligence (AI) to detect and remediate suspicious actions in near-real-time.

Focusing on recovery

While these strategies have proved to be extremely effective in reducing the chance of a ransomware attack being successful, all organisations remain at significant risk.

As a result, construction firms should always include a worse-case scenario in their ransomware strategy that allows them to quickly recover to business as usual – even when they have also invested in prevention. One of the most important capabilities is an effective business continuity plan that includes backup and recovery.

Granted, many companies already have a backup and recovery plan, but many also take an all-or-nothing approach, so even if only part of their file infrastructure  is compromised, they still need to recover and replace large sections of their data in order to restore it. This can take days if not longer to complete, meaning that even a small breach can significantly impact daily operations. Instead, the use of selective file restoration utilises backups that exist both on-premises and in the cloud for faster recovery and increased resilience.

With overall ransomware risks continuing to increase, construction companies that take decisive preventive and recovery measures will be well placed to avoid potential catastrophic disruption and cost. In a competitive environment, this is crucial to business performance, profitability and growth.

If you would like to read more stories like this, then please click here