There has been a noted increase in cyberattacks on the architecture, engineering and construction (AEC) sector, especially in small businesses, leading to an increased need for cybersecurity training programmes for employees.
Software solutions provider WorldsView asserts that the construction industry’s exposure to cyberattacks is amplified by the quantity of confidential and proprietary information that is stored digitally and shared across projects and associated long information technology (IT) chains and that the loss of intellectual property and assets can have serious long-term effects on the organisation’s reputation.
The company notes five cyberattack types specific to construction and related industries, namely:
- fraudulent wire transfer
- business interruption, or downtime
- intellectual property breach
- breach of bid data.
Cyber risks are said to have been exacerbated with the advent of digital transformation, especially in the form of digital twins used by plants in this sector, as well as the increased use of artificial intelligence such as machine learning and robotics. In addition, the introduction of remote offices set up to facilitate Covid-19 isolation regulations has led to more remote connectivity to email, networks,- and third-party platforms which may be inadequately secured to protect data and systems.
These risks have led to a greater need for training of on-site, on-plant and in-office employees, to increase awareness and cybersecurity prevention strategies.
WorldsView has introduced Terranova cybersecurity training to the AEC and built environment sector. The security awareness training partner offers companies programmes that use a teaching framework and help companies to implement training programmes to change user behaviour, reduce the human-risk factor and counter cyberthreats.
Terranova Security aims to teach employees to recognise cyberthreats like phishing, ransomware, malware, and social engineering, and to learn tactics to combat these threats. Its cybersecurity programme is said to be suited to companies of any size and can be tailored to an organisation’s specific cybersecurity needs and objectives.