Contractors, construction managers and design professionals were more than twice as likely to be the target of ransomware than other users of cloud-based security technology. These were the startling results of a study of Egnyte customers presented at the recent Associated General Contractors of America IT Conference in Chicago.

Companies with over 1,000 employees were at the highest risk of attack, according to the study of roughly 3,000 survey responses from Egnyte customers. The largest group that responded was architects, engineers and construction companies. The study took into account all Egnyte customers who had a ransomware incident when comparing the overall occurrence of attacks.

Of the total number of ransomware attacks logged, the report found 28% were in AEC. Even though construction and design is Egnyte’s largest business vertical, the survey figure is still twice the average number of attacks reported in other industries.

While Kevin Soohoo, director of the AEC market for Egnyte, presented the findings at the AGC conference, 82% of contractors in attendance said in a live interactive poll that ransomware is a leadership or board-level topic of discussion at their companies.

Contractors and design firms have several factors working against them that may lead to a higher rate of targeting, the report states. Their businesses are highly schedule-driven, and any delays due to lack of access to critical files can significantly impact their costs. Couple that with low profit margins, and AEC firms may be more likely to pay a ransom to get up and running again compared to other industries, the report states. AEC firms also have a large attack surface, due to a significant portion of their employees working remotely. Many firms also have to maintain shared data environments with a long list of subcontractors, which opens additional entry points for troublemakers, the report stated.

Ransomware incidents in the AEC industry are most prevalent in large companies, with over 26% of survey respondents reporting a successful ransomware attack against them. That was compared to only 1% of Egnyte accounts in companies with fewer than 200 employees and 4% of accounts in companies with between 201 and 1,000 employees.

More Secure Data Storage

A recurring theme over the three days of workshops and sessions at the AGC conference was how the pandemic forced many attendees to reconsider how they decide which project information to keep on hand, and how better ways are necessary to store that data on their networks.

Alison Hart, manager of project solutions at Minneapolis-based Mortenson Construction, shared her experience rolling out the Microsoft 365 suite of tools (Teams, SharePoint, OneDrive, Planner) for construction document management and to eliminate the firm’s reliance on Box. Mortenson has 17 operating groups and needed to standardize document and file-sharing practices and application delivery. It also sought to revise its record retention policy to reduce risk in the digital age. Microsoft Teams was chosen for document storage, sharing and archiving to standardize the company’s data structures. Mortenson employees were already familiar with using Teams for video conferencing during the pandemic. “With this process, legal has taken a very un-legal-like stance of eliminating more of what you no longer need and not retain more,” Hart told attendees.

Another area that contractors were talkative about was negotiating the best deals for cloud and SaaS services, in a session led by Christian Burger and Angus Frost of Burger Consulting Group.

Burger said that contractors need to get it in “black and white” that they can always get their data, but the vendor and customer must also agree on the format by which data is to be delivered.