UK contractors form group to combat cyber threats in construction JVs

Dive Brief:

Several of the United Kingdom's biggest commercial contractors are working to head off cyberattacks in construction projects that use joint ventures.
The group, which includes representatives of Royal Bam, Balfour Beatty, Kier and Morgan Sindall, is meeting regularly to develop guidance around combating the threat of online hackers in joint ventures, Royal Bam group director of cybersecurity Ian Hill told Construction News.
Known as the Chief Information Security Officer Forum, the group is developing processes to alert one another if a cyberattack takes place that could affect their counterparts on joint ventures. Hill said that the group will share its guidance around access requirements and cybersecurity responsibilities in joint ventures with U.K. government experts for their input and eventually disseminate it throughout the industry.

Dive Insight:

A string of cyberattacks has hit the U.K. building sector in the past 18 months, Construction News reported, with hackers targeting Bam Construct, Interserve, Bouygues UK, RMD Kwikform and Amey. A payroll company used by Arup was also hit in January. Joint ventures are particularly vulnerable to cyber threats because they involve the sharing of data and documents among firms.

Cybersecurity is a growing issue for North American contractors as well. For instance, Canadian government contractor Bird Construction was hit by a ransomware attack last year, according to the CBC. In the United States, the DarkSide hack into the Colonial Pipeline shutdown gas delivery for six days. Ransomware attacks involve malicious software used to cripple a target's computer system to solicit a cash payment.

Construction businesses that adopt technology solutions — from drones to software and online platforms — leave the door open to cyber risk, said Phil Casto, senior vice president for risk services at Chicago-based insurance firm HUB International, in a column for Construction Dive.

What's more, he said, cybersecurity is a concern for every construction business, no matter how small. According to Verizon’s 2019 Data Breach Investigations Report, 43% of cyberbreach victims are small- or medium-sized businesses.

Some steps to protect your data include training employees in information security best practices, keeping software up to date and using multi-factor authentication. This added security for log-in processes makes it harder for criminals to gain access to sensitive data like construction invoices, contracts, and other financial and legal documents.

"It’s a good idea to require multiple credentials, such as a system-generated code, a pin code or a keycard scan for any employees working with sensitive or confidential information," he said.