Research + Tech

AEC firms are more likely to face ransomware attacks

Research by cloud-security provider Egnyte, Mountain View, Calif., shows architecture, engineering and construction firms are more than twice as likely to suffer ransomware attacks than all other industries studied, according to forconstructionpros.com.

Thirty-one percent of AEC companies that were victims of ransomware were attacked at least twice during a 16-month period, and nearly 16% were attacked even more frequently.

Egnyte’s “State of Ransomware Research Report for Architecture, Engineering and Construction” gathered insights from more than 2,700 AEC firms. The report showed companies with more than 1,000 employees were at the highest risk of attack, with most ransomware attacks targeting North American companies.

Egnyte’s analysis revealed various factors specific to AEC firms that make them prime targets, including:

• The construction industry runs on a strict schedule, so delays resulting from lack of access to project files significantly can affect costs and project timelines and damage company reputations.
• Many AEC employees work remotely, and companies maintain a shared information environment with outside contractors on job sites, creating additional entry points for attackers.
• Tight profit margins along with the other factors mentioned make AEC firms more likely to pay a ransom so they can get back to work more quickly.

“The threat of ransomware continues to rise as economic and technological factors make AEC firms prime targets for threat actors,” says Ronen Vengosh, vice president of AEC for Egnyte. “Firms need to invest in a holistic defense program, which is a combination of the right prevention technologies, content governance and user-education so they can mitigate potential attacks and avoid any business disruptions.”

Motion alert technology can help prevent equipment theft

In 2016, the National Equipment Register reported theft was more abundant than vandalism, fire, water and hail damage combined and estimated the value of construction equipment stolen each year is between $300 million and $1 billion. That estimate is for equipment only and does not include tools and building materials, which often are easy targets for thieves. Theft also can lead to lost productivity, schedule delays and increased insurance premiums.

Security cameras on job sites reportedly can deter theft and help recover stolen property. TrueLook’s 2020 Jobsite Security Report surveyed 739 construction professionals and revealed only 24% of stolen goods were recovered in 2019. Job sites with cameras were more likely to recover stolen equipment through police involvement.

Motion alert technology installed on a job site can send an alert via text and email with a picture when motion is detected and indicate which camera was triggered so an individual can pinpoint where an incident is occurring. It also can track and record high-definition video.

According to EMC Insurance, Des Moines, Iowa, job sites are most likely to be targeted when they are not actively staffed—most losses from theft and vandalism happen during weekends and on holidays. Equipment also is more likely to be stolen during warm weather months (from April to September), peaking in May, June and July.

Theft or vandalism should immediately be reported to local law enforcement. Stolen equipment should be reported to the owner’s insurance provider and the National Equipment Registry as soon as possible at ner.net/solutions/report-a-theft.

Nearly 25% of employees have access to accounts from past jobs

A new report by Beyond Identity, New York, reveals nearly one in four employees said they still have access to emails and accounts from past jobs, according to forconstructionpros.com. The company surveyed more than 1,000 current employees about their password habits and tendencies.

Additionally, 41.7% of employees said they have shared workplace passwords; 42.5% of employees believed sharing work passwords should be a fireable offense; and more than 20% of employees said they have used the same password for their personal bank accounts as they did for work-related accounts.

The report comes as cyberattacks on businesses, government organizations and other groups are up by the thousands.

Regarding the safety of passwords, about 45% of respondents believed their passwords were very secure and 26.3% believed their passwords were extremely secure.

However, many employees remember their secure passwords through methods that are not so secure. Thirty-four percent of people said they wrote their passwords in a notebook or on a scrap of paper. Recording passwords digitally also was a popular option.

Two-thirds of employees shared their passwords with co-workers, and many also gave their family members or significant others access to their work information. People typically shared their passwords via email, orally or by text.

WEB
EXCLUSIVE

• Web exclusive: Click below for more information.
• View steps you can take to prevent ransomware attacks