As digital tools and systems become more integrated into construction processes, protecting your business against cyberattacks is critical.
We are officially in the scary zone for cybersecurity—an era shaped by global connectivity, advanced AI tools, and aggressive threat actors like North Korea and others. Cybersecurity is no longer about theoretical preparation for “just in case”; it’s about response and resilience because “when” is now.
Growing up in the 1960s, we were taught to hide under desks during nuclear drills. In hindsight, those drills were tragically laughable. Likewise, many legacy cybersecurity precautions feel equally outdated in today’s threat landscape.
It’s time for a paradigm shift. Cybersecurity efforts should not only focus on preventing breaches but also preparing for what happens after a breach. Ask around: Chances are, someone you know has been hacked. Ask how it happened, how much it cost, and how long it took to recover. The stories are more common—and costly—than you think.
The three Ps: Prevention, Protection, Preparation
Keith Onchuck and Luis Angulo, CIOs of Ozinga and CalPortland, respectively, developed a modern cybersecurity framework, which revolves around three key pillars: prevention, protection, and preparation.
1. Prevention. “If you prevent the threat from happening, there’s no impact,” says Angulo. The first and most crucial layer of defense is human training and awareness. Educating users about phishing, social engineering, and online hygiene helps avoid risky behavior that creates vulnerabilities. Most threats should be stopped at this stage, but not all will be.
2. Protection. “Protection is that safety net that catches what prevention misses,” says Onchuck. When prevention fails—and it will—systems and controls must be in place to detect, contain, and limit the impact. These include:
- Firewalls and endpoint detection.
- Behavior-based monitoring.
- Encrypted backups.
- Identity and access management.
3. Preparation. The final pillar is about readiness, which includes having in place:
- Incident response plans.
- Backups and offline recovery strategies.
- A “cyber go-bag” of essential contacts, credentials, offline instructions, and tools you’ll need when the worst happens.
Token stealing
Gone are the days of curious teenagers like Matthew Broderick in “WarGames.” Today, nearly every cyberattack is financially motivated. Currently, the hottest attack vector is token stealing.
Token stealing involves attackers stealing authentication tokens—digital “keys” that grant access to accounts without needing a username or password. Tokens are used across web sessions (i.e., cookies, session tokens), APIs and apps (OAuth open authorization access tokens) and multifactor authentication (MFA) systems. Once a token is stolen, attackers can impersonate you until the token is revoked—bypassing both passwords and often MFA.
In 2023, token stealing accounted for $2.9 billion in recorded losses. That number increased in 2024 and is accelerating in 2025.
A typical attack scenario might look like this:
- The hacker gains access to your email.
- They search for banking information.
- The hacker creates a hidden rule to divert bank emails to a folder.
- They initiate a password change or wire transfer.
- Confirmation is sent via email (which they now control).
- Funds are stolen before you even realize what’s happened.
To prepare against token-based theft:
- Use a separate device for MFA approvals.
- Limit token lifespan aggressively.
- Enforce routine password resets.
- Revoke old user sessions frequently (by setting shorter session timeouts).
For everything else—the 90 percent of unknown or advanced threats—don’t go it alone. Hire experienced, contracted cybersecurity professionals.
The burden on information technology (IT) security is immense—IT staff must anticipate and defend against every potential threat, while attackers only need to succeed once to cause chaos. Partnering with a trusted cybersecurity expert is essential to proactively assess your digital footprint and identify vulnerabilities before an attack occurs. Waiting until after a breach significantly reduces the chances of a full recovery and can lead to devastating consequences.
“Yet when we make it hard for cybercriminals to breach our systems, they move on,” says Doug Coleman, co-founder of managed IT services firm Roebuck Technologies.
For more than 25 years, Coleman has been helping niche industries like ready mixed concrete with targeted, effective IT security. The demand for his work is a reminder that real defense is never generic.
Cybersecurity is no longer a department—it’s a culture. It’s no longer about “if” but “when.” When the inevitable happens, preparation will be the difference between disruption and disaster. Be ready.