Cyber Crime Against Construction Companies

In a world where everyone is increasingly connected through the internet, it’s no surprise cybercrime continues to rise to new levels. In 2021, nearly every category of cyber-attacks increased worldwide. The numbers are staggering. SonicWall, a cyber security company that releases a cyber threat report each year, recorded the following cyberattacks in 2021: 

  • 5.3 trillion intrusion attempts
  • 5.4 billion malware attacks
  • 623.3 million ransomware attacks
  • 97.1 million cryptojacking attacks
  • 60.1 million IoT (Internet of Things) attacks
  • 10.4 million encrypted threats 

Whether these types of attacks are familiar to you or not, you’re vulnerable to them. SafetyDetectives, a cybersecurity group dedicated to distributing free resources on cyber security, recorded the percentage of industries in the U.S. reporting ransomware attacks in 2021. The construction industry landed third on the list with 13.2% of all ransomware attacks in the country, right behind manufacturing, with government sites in the top spot for cyber attacks. If you’re not concerned about your company’s vulnerability to cyber attacks, you should be.

5 Cyber Threats Against Construction Companies

  • Business Email Compromise (BEC) 

BEC is an attack that looks like an email from upper management (CEOs) or suppliers that ask recipients to fulfill a company invoice or transfer money. They may also ask for personally identifiable information (PII) or tax information. These emails work because they often use email addresses that either spoof a legitimate company address or are using a compromised company email account.

  • Ransomware

Ransomware is a type of software (malware) that blocks entry to a system’s data, often by encrypting it. Users cannot operate the system until they pay a ransom to unencrypt the data. The average ransom for an attack on a small business in 2020 was $5,600 while the average amount of lost business during a ransomware attack was $274,000, according to SafetyDetectives. Large businesses paid an average of $570,000 in ransom in 2021.

  • Phishing 

Phishing attacks are emails from cyber criminals that appear to come from known senders, similar to BEC attacks. They attempt to trick users into handing over sensitive information either through malicious links users click on in the email or malicious attachments created to look like invoices are other legitimate documents. Phishing attacks were responsible for over 80% of cyber security incidents in 2021, and it was the second most expensive data breach (behind BEC). 

  • Third-Party Vendors

Third-party vendors are organizations you partner with as part of your supply chain or as service providers to your organization. Third-party vendors often have access to a large amount of data, and when they’re attacked, your company’s data is exposed or stolen. A study in 2020 revealed that 31% of third-party vendors were vulnerable to cyber-attacks.

  • IoT Devices

IoT devices are digital devices that are connected to the internet and collect and share data. They include phones and smartwatches, but IoT also includes dash cams, drones,  GPS systems and Building Information Modeling (BIM), network routers, and internet-connected cameras. 

Solutions Companies Can Take To Prevent Cyber Attacks

  • Employee Training 

This is perhaps the easiest solution, but training employees on how to spot phishing scams, BEC, and other forms of attacks should extend beyond the IT department and upper management. A 2020 study by Stanford revealed that 88% of data breaches are caused by employee mistakes. 

  • Strong Passwords and Multi-Factor Authentication (MFA)

Employing multi-factor authentication, or placing two steps to access data instead of one, cuts the risk of a data break by 99%.

  • Limit Third-Party Access

Be aware of how much access you grant contractors and third-party vendors. Restrict access to only what your third-party vendors need and off-board contractors or vendors you’re no longer working with. 

  • Make Sure IoT Devices Are Secure

Strong passwords, MFA, network segmentation (making sure devices aren’t all interconnected), and regular software updates will help keep your IoT devices safe from attacks. 

  • Form a Cyber Attack Response Team

Clarify who is in charge if and when a cyber attack happens, and exactly what steps should be taken to secure the data. Include who will communicate to the rest of the company, insurance, clients, and other related parties. Practice the plan to ensure everyone knows their roles. 

  • Consider Cyber Insurance

Cyber insurance can protect you from the effects of a costly cyber attack. It’s a relatively new and rapidly growing field. Examine your needs and conduct a cyber risk assessment to decide what coverage could work for your company. 

Cyber crime will only grow in the future as the construction industry becomes more dependent on connected technology from the office to the jobsite. Read more about cyber security from the Federal Trade Commission and make a plan to protect your business.