Posted by scarlett admin, on

Critical Ransomware and Compliance Tips for the Construction Industry

Construction is one of the top industries targeted by cyber-criminals. High revenue and low security create appealing targets for attack. Scarlett Group works with many construction organizations to help secure their network and protect their users. We have put together the below guidelines to highlight the current compliance, threat, and security environment in the construction industry.

image 15

Rising Requirements – Cyber Insurance, Compliance, and CMMC

One of the main questions that the Scarlett Cybersecurity team get asked about is why insurance requirements are rising at such a rapid rate. We have determined that it’s a simple formula: More Attacks = More Insurance Payments = Higher Rates. Insurance agencies have determined that construction firms have been behind the times in regard to the evolution of compliance requirements, legal requirements for sensitive data, and increased attack sophistication.

For example, the attack trend of double extortion ransomware specifically targets organizational sensitive data to simultaneously blackmail and encrypt company systems. By stealing the data, these attackers can threaten both PR and operational impact.

Additionally, there are many critical security gaps within relatively large construction firms. Due to the raw revenue associated with large projects, construction firms may operate on relatively small profit margins but expose great opportunity for a cybercriminal attack. Many new frameworks such as CMMC for DoD contractors are attempting to restrict unsecured vendors from doing any business with sensitive data. These requirements are a good start, but the compliance gaps are extensive within the industry and it will take a dedicated focus from executive leadership to truly achieve a workable security posture.

Modern Ransomware Threats – What Kind of Attacks to Expect

Ransomware is a type of malware that encrypts an organization's data and demands payment in order to restore access. It often spreads via email or bad links in most construction firms. The attack will lock data and attack cloud shares. Large groups operate these tools due to the potentially huge profit. Perhaps the most insidious aspect of these attacks is the fact that they will dwell on the network, finding backups to infect with backdoors and exfiltrating data. These attacks happen quickly, with worm activity spreading it through the whole network.

Infected groups often ask - Can't we just restore from backup?  Unfortunately, backups and cloud services are targeted. Systems can require more than backup – a secure remediation plan is an absolute must-have. Even if you can quickly restore, data still might be leaked and backdoors might be in place.


Top 10 Solutions – Budget-Conscious Cybersecurity

  • Multi-Factor Authentication (MFA)
    • If you can remote into the network, you will need to have MFA enabled.
    • Don’t skip on this one – it will likely lead to denied coverage and poses a major security risk.
    • Multi-Factor Authentication on ALL Remote Access and Web Email.
  • Disaster Recovery and Business Continuity Services (DRBC)
    • Disaster Recovery Planning is Critical!
    • Not Only Ransomware – natural disasters too.
    • Identify disasters and know your recovery options.
  • Endpoint Detection and Response (EDR)
    • Anti-Virus is no longer enough to secure an environment.
    • EDR is the new standard; these new tools provide prevention, detection, and response.
  • Vulnerability Management
    • Scan internal network for vulnerable apps and devices.
    • Scan perimeter for vulnerable ports and access methods.
  • Perimeter Security
    • Intrusion Prevention/Detection Systems, Next-Gen Firewalls, and Sandboxing are critical.
    • Also ensure that your organization has Geo-IP blocking enabled.
  • Data Loss Prevention (DLP)
    • Know your data - internal scanning and tracking of sensitive info.
    • Watch for outbound sensitive information - use a DLP solution.
    • Security Information and Event Management + Security Operations Center.
    • All Logs into one tool, centrally stored and monitored.
    • 24/7/365 team to watch and secure.
  • Patching
    • Updates are more than features – they protect against attacks
    • Fixes holes within software and services
    • Systems running smoothly
  • Cybersecurity Training
    • Cyber Security Awareness Training and Phishing Simulations are required.
    • Security without user training is ignoring the primary threat vector at most organizations.
    • Test users with phishing simulations to ensure proper security practices.
  • IR Planning
    • An attacker only has to get lucky once.
    • Internal Incident Response Team or Outsourced Incident Response “on retainer”
    • Established Incident Response Guidance


Often, we find that this list may seem overwhelming. Teams like Scarlett Cybersecurity specialize in helping secure construction firms in a budget-appropriate manner. Our services include IT, Cybersecurity, Consulting, Cloud, and Audits. Additionally, we are on the GSA contract for all services and can work to closely align with federal or state standards. Our team deals with cyber crime on a daily basis – we have seen the extent of these attacks and want to be sure executive leadership is aware of the threat. Contact our team today if any assistance is needed.



From our team at Scarlett – Merry Christmas, and Happy Holidays!


Share This

Related Posts

In late January 2024, the City of Jacksonville Beach experienced major IT outages and disruptions to city systems and services. After weeks of investigating the "cybersecurity event", city officials announced on March 20th that they had been the…
Today, social media activities, monetary transactions, and technology play important roles in the way organizations carry out their business and communicate with potential customers. These same vehicles can be targets for cyber attacks.
Stolen information from a data breach is causing millions of HCA Healthcare patients in Florida to worry. The company explained the private data was stolen from an external storage location used to automate email messages.