Builders are starting to protect their information systems from hackers. However, many companies are still underestimating this danger.
The construction sector is looking into the following months with mild optimism, driven by the current growth of its production. However, at the same time, it fears such dangers represented by hacker attacks. One of the vulnerable areas, for example, includes newly built photovoltaic equipment.
Domestic construction production has been bouncing off the bottom in recent months, as data from the Czech Statistical Office shows. Just in December, the volume of its production increased by nearly a tenth year-on-year.
Some experts even speak of this year being a breakthrough for the construction industry. The reason? On one hand, there is the energy transformation that encourages owners of new and renovated buildings to increasingly turn to alternative sources, and there is also the increasing risk of hacker attacks, which does not spare this sector either.
Photovoltaics is becoming an easy target
Solar panels and other sources are no longer a common thing only in the west of us, but also in the Czech Republic. The reasons are both overloaded existing networks and rising energy prices. The most endangered during hacker attacks are photovoltaic inverters, which represent the heart of solar power plants. Their software ensures the correct functioning of photovoltaics. Such attacks can cause short-term shutdown of the power plant, but also its permanent devaluation.
However, it often doesn't stop with photovoltaics. For attackers, they can represent another gateway into individual companies. They can penetrate, for example, into the company network of the organization and launch harmful code at the same time. Such a code can be, for example, spyware reconnaissance software, ransomware software used to enforce ransoms, or a wiper type code, the main intent of which is to destroy data and erase traces of the attack.
Cyber attacks damage builders and the entire industry
Hand in hand with this, the demands of builders for the protection and security of their own IT systems are increasing.
"By properly setting up security measures, construction companies can not only minimize the risk of leakage of sensitive information, but also better cope with growing demands for digitization. The security of sensitive data is absolutely crucial for the successful functioning of companies with the increasing digitization in the construction sector. Cybersecurity, however, is not just about quality technologies, but mainly about prevention, education and the creation of proper security habits among their own employees,"
Adam Heres Vostárek, the regional manager of PlanRadar, stated for LP-Life.
According to a Sophos study, conducted in 14 countries around the world, a vast majority of construction and real estate companies have already experienced cyber attacks, which involved attempts to damage backed up data. Unfortunately, these attempts have been successful in almost two thirds of cases. The results are not only financial losses, but also operational disruptions up to damage to the reputation of builders.
Last year's survey by EY ČR among domestic companies showed that only 2 percent of companies would meet the requirements of the NIS2 directive, from which the new cyber security law is derived. About half of the respondents who are not sufficiently informed about the standard hold top managerial positions, or are board members. According to NIS2, it is precisely the company's management that bears direct responsibility for its implementation. More than half of the respondents consider the main obstacles to the implementation of the directive to be a lack of experts and high costs.
How can you protect yourself?
Companies can defend against a hacker attack in several ways. The most important is multi-factor authentication, which adds an extra layer of protection beyond regular passwords. Another option is to limit access rights for those employees for whom certain information is not essential for their work. It is also worthwhile to regularly back up data and create a recovery plan in case the company is attacked. The combination of local and cloud storage also increases the level of protection, enabling faster recovery from possible incidents. Emphasis should also be placed on regular software updates, which provide protection against newly discovered vulnerabilities.
Shared services again offer a centralized solution for cybersecurity, which is shared by multiple entities. This allows sharing the costs of experts, technology and infrastructure. This trend is also developing in other areas, such as car sharing, bike sharing, or so-called "floating officials".
Another path is the investment in solutions based on artificial intelligence. Such tools can automate many tasks in cyber security, reducing dependence on human workers while increasing efficiency and response speed to threats.
The Security Awareness survey showed that approximately one-quarter of companies do not provide regular training to their employees in the field of IT security. This is a critical security issue, particularly for smaller companies. In the construction industry, where one human error can mean unauthorized access to a wide spectrum of data and information from a number of collaborating entities, educating their own employees in the field of cyber security is indispensable.
Data protection is therefore no longer just a matter of prevention, but a crucial step in ensuring long-term stability and competitiveness. Construction and development companies will increasingly look for ways to secure their software systems against attacks and how to reduce energy costs. All this will of course affect their further operation and the entire construction and real estate sector. However, we will have to wait a while to see how significant the impacts associated with this will be.
Sources: author's text,own querying, CSU, EY CR, Security Awareness, Sophos
