The construction industry is continuously moving towards digitization by adopting technologies such as artificial intelligence, the Internet of Things (IoT) and Building Information Modeling software. However, this shift also brings significant cybersecurity risks.
As construction companies increasingly rely on digital tools and store large amounts of sensitive data, cybercriminals increasingly view them as attractive targets. Construction businesses must take action to protect sensitive information from data breaches and other cybersecurity incidents that can create financial hardship and reputational damage.
Keep reading to learn the common types of cyberattacks and best practices to mitigate risk.
Why Cybercriminals Target the Construction Industry
The following are just a few reasons why the construction industry is an appealing target for cybercriminals:
High-Value Transactions
Construction projects often involve significant financial transactions, making them attractive targets for ransomware, phishing attacks and financial fraud. The high value of these transactions can incentivize cybercriminals to attempt fraudulent payments or extortion.
Abundance of Sensitive Data
Construction companies manage sensitive data like blueprints, architectural designs, bids, contracts, plus employee and client information. Cybercriminals want this data in order to exploit it for financial gain through data breaches or sell it on the dark web.
Complex Supply Chains
With multiple stakeholders and subcontractors involved in construction industry supply chains — each with potentially varying levels of cybersecurity maturity — the odds of network vulnerabilities increase. Malicious actors may target these weak links in the supply chain, as they may serve as potential access points for cyberattacks.
Outdated Cyber Protection Measures
Many construction firms rely on legacy systems or outdated software that do not provide adequate protection against modern cyberthreats. These weaknesses present attractive opportunities for intrusion by hackers, who often seek out older systems that have known vulnerabilities and are easier to exploit.
Increasing Adoption of New Technologies
The digital attack surface has expanded with the construction industry’s increasing use of digital technologies (ex: IoT, remote project management, cloud storage). Although improving efficiency, these technologies have created more chances for malicious actors to infiltrate networks.
Common Cyberattacks and Why They’re Utilized
There are many types of cyberattacks; the following are commonly used against the construction industry for various reasons:
- Ransomware attacks occur when cybercriminals gain access to a business’s computer system, encrypt the files, and demand payment in exchange for providing a decryption key. This attack can be effective against construction companies because projects often have strict deadlines, making business interruptions extremely costly and prompting targets to pay the ransom quickly in an attempt to avoid further losses.
- Phishing attacks involve malicious actors tricking users into providing sensitive information such as passwords through fraudulent emails, texts, calls, websites or links. Construction firms often employ temporary staff and subcontractors who may not be familiar with a company’s internal communications. This makes phishing attacks especially effective, ascybercriminals can exploit this unfamiliarity and trick targets into revealing sensitive information or clicking on malicious links.
- Business email compromise (BEC) occurs when a malicious actor impersonates a legitimate individual like the CEO, or hacks into the person’s email account and fraudulently requests money or sensitive information. BEC scams are used against construction companies because large amounts of money and sensitive data often move between project stakeholders, so these requests may not raise a red flag and can go unnoticed.
- Supply chain attacks happen when a cybercriminal infiltrates a business’s supply chain. They often target less secure partners such as subcontractors or third-party vendors, and once they’re able to gain entry into the main company’s network, then compromise sensitive data.
- Distributed denial-of-service (DDoS) attacks are when cybercriminals overload a business’s network with traffic, disrupting standard operations or causing a network outage, leading to costly project delays. They can then leverage the interruption to extort a ransom from construction companies in exchange for ending the DDoS attack.
Cybersecurity Best Practices for the Construction Industry
Although cyberthreats are numerous and evolving, there are several measures construction businesses can take to safeguard computer systems and networks:
Employee Training and Awareness Programs
Establishing training programs helps employees educate their workers on cyber threats, and keeps the discussion of combating cyber risks top of mind all year long.
Multifactor Authentication
Also known as two-factor authentication, this adds additional layers of protection through authenticators, such as one-time passcodes or time-sensitive links, before a user can access a company’s network or system.
Regular Software Updates and Patch Management
Ensure software programs are best positioned to defend against the latest cyber threats by keeping software up to date, and checking for updates routinely.
Network Segmentation
Segmenting the network, or dividing it into smaller parts, can help protect it so that if it is infiltrated, there will be security barriers to prevent lateral movement across the network.
Access Controls
Limit who can view or access sensitive information and the situations when they may do so.
Data Encryption
Encryption transforms data into an unreadable, encoded format so that malicious actors cannot decipher it without the correct key.
Data Backup and Recovery Systems
Ensure your business can quickly recover after cyberattacks by storing your data in an external hard drive or cloud. This allows data to be reloaded onto systems and minimize downtime.
Vendor and Supply Chain Management
Companies can select and work with vendors with strong cybersecurity practices. By carefully vetting partners, construction companies can reduce the risk of supply chain attacks.
Incident Response Planning and Testing
It’s crucial to proactively build your cyber defenses by having policies and procedures in place on how to respond to cyberattacks so you can test systems ahead of time and repair weaknesses.
The Role of Cyber Insurance in Mitigating Risks
Even with a robust cybersecurity defense, no system is immune to attacks. Cyber insurance helps mitigate exposure to cyber-related losses, filling gaps that may be left by other policies, which typically do not cover cyber-related events. It is specifically designed to cover business interruption and other financial losses that result from cybersecurity incidents, such as data breaches and ransomware attacks.
Many cyber insurance policies provide access to a vendor panel that includes legal counsel, public relations firms, IT specialists and other experts who are experienced in managing cyber incidents. This can help businesses respond quickly and effectively to mitigate the impact of a cyberattack on operations, reputation and finances. Since cyber insurance policies vary in coverage, limits and exclusions, it is advisable to consult a licensed insurance professional for assistance in selecting a policy that best suits your construction business’s needs.
Get in touch with Commercial Risk Adivsor, Jake Potthoff to see if your business is prepped for a cyberattack.
