The construction industry, like many others, is facing a rise in cyber threats. According to the 2024 Sophos State of Ransomware report, a staggering 96% of attacks on construction and property companies also included attempts to compromise backups, with 61% of them succeeding. These attacks leave organizations in a precarious position, forced to choose between paying hefty ransoms or risking the loss, theft, or exploitation of their critical data.
Top cyber exposures in construction:
Social engineering and phishing are common causes of cyber-related losses for construction companies, as cybercriminals impersonate the company or its clients to deceive employees into transferring funds to malicious accounts. This also includes invoice manipulation, in which a cybercriminal breaches the company’s email system, targets customer invoices, and then sends changed Automated Clearing House (ACH) instructions so that the client pays the cybercriminal instead of the company.
Business interruption and system failure can result in high costs for construction companies, as attacks that render critical data and systems inaccessible can require expensive recovery efforts and potential ransomware expenses.
Vendor and third-party security are crucial for construction companies as they heavily rely on external vendors for efficient operations. Any cyber event, such as an outage or exploit, at these vendors can have a significant impact on the construction company’s business.
Given the increasing prevalence of cyber threats in the construction industry, it is important to examine recent cyber events that have impacted construction companies.
Recent construction events:
- A large construction firm in the Pacific Northwest fell victim to a ransomware attack. The notorious ransomware group, Cactus, claimed responsibility for the breach. As a result, confidential HR information, including employee Social Security numbers, names, addresses, and dates of birth, was leaked. The company had to notify all affected individuals and take immediate action to address the breach’s consequences.
- A small contractor in the Upper Midwest faced a lawsuit due to the malicious diversion of $735,000 in funds from their developer partner. The cybercriminals gained access to an executive’s email account and used a fraudulent notary form to redirect the payment to their own bank account. The developer alleges negligence on the part of the construction firm, claiming they lacked the necessary protections to prevent such incidents.
- A utility construction company in California experienced a data breach. After detecting suspicious activity in their network environment, the company had to notify and provide credit monitoring to individuals whose personal information may have been accessed by a malicious third party. This breach not only jeopardized the company’s reputation but also exposed individuals to potential identity theft and financial fraud.
The construction industry must prioritize cybersecurity to safeguard sensitive data and protect against financial losses and reputational damage. By implementing the best practices below, construction companies can mitigate the evolving cyber threats they face.
Mitigating cyber threats in the construction industry:
- Implement robust backup and recovery systems
- Strengthen employee awareness and training
- Employ multi-factor authentication (MFA)
- Regularly update and patch software
- Engage third-party security experts
- Implement call-back procedures in accounting to verify wiring instructions or ACH changes
If you have any further questions or need assistance with cybersecurity in the construction industry, check out our cyber playbook.