Cybersecurity in Construction: Mitigating Risks and Navigating the Threat Landscape

By: Christa Johnson

Dec 17, 2024 — The importance of the construction industry is known not only to those who benefit from construction but also to threat actors who seek to take advantage of the important position the construction industry has in our lives.

The construction industry is subject to unique cyber challenges due to a variety of factors:

• Construction companies handle sensitive data regularly, related not only to employees but also to proprietary and financial data.
• Construction projects have strict timelines, so interruptions must be resolved quickly. Threat actors leverage this knowledge and strike at the most inopportune time for the company, to take advantage of its need for a quick resolution.
• All construction projects, regardless of size, use a variety of vendors and third parties. This reliance on multiple parties can create opportunities for threat actors to insert themselves and reroute funds or stop work altogether.

Read more: Cyber Threats in Construction: 5 Key Vulnerabilities

This article discusses the impacts of ransomware, the potential pitfalls when it comes to reliance on third parties, and the growing prevalence of social engineering scams. We also discuss steps companies can take to prevent these cyber challenges.

Ransomware

Ransomware is at the forefront of most companies' minds when it comes to potential cyberattacks. A typical ransomware claim originates when a threat actor gains access to a company's computer system. Threat actors can initiate access in several ways, but a good number of intrusions occur because of human error, such as clicking an unfamiliar link or approving a multi-factor authentication request that an employee didn't initiate. As a result, the threat actor can access the company's system, and depending on the network security, they can potentially roam the system and install malicious software, exfiltrate data, or encrypt files.

Once the ransom note file is discovered (typically a .txt file or similar), a series of steps must occur to secure the company's system and expel the threat actor. These steps can cause large losses for the company. Specifically in construction, these steps can completely shut down work on a project, depending on the extent of the attack.

It's important that anyone who accesses data within your company is trained on what to look for in suspicious emails. It's also important that companies segment data and keep important data on a need-to-know basis. Companies should maintain immutable backups and put an incident response plan in place. These safeguards are a few a company can have in place to lessen or avoid the impact of a ransomware attack.

Third Parties

Completing a project requires the cooperation of many entities, including suppliers, contractors, and other vendors. While necessary, the involvement of multiple parties in one project can increase opportunities for threat actors. A vendor with poor cyber hygiene can enable a threat actor to infiltrate an important email chain, which, in turn, can cause delays that have a ripple effect down the chain. It's important to know if your vendors and suppliers have proper cyber protocols in place, including cyber insurance, to help ensure all parties are protected and disruptions are minimized.

Social Engineering

Social engineering attacks have increased, especially in the construction industry. Construction firms are often targeted for financial reasons, with attackers using social engineering to redirect vendor payments to fraudulent accounts. In some instances, compromised firms are exploited as springboards for downstream phishing attacks, where unauthorized access to email accounts enables hackers to target clients and vendors. The increasing use of digital sign-ins via mobile devices at job sites has contributed to the rise in attacks, as employees tend to be less cautious when dealing with phishing emails on the move, making them more vulnerable to such scams.

One example of a social engineering scam involves a threat actor inserting themselves into a conversation regarding an invoice and submitting fraudulent payment instructions in place of legitimate ones. This type of scam could include payments to suppliers, subcontractors, or any third party, as well as internal payments such as payroll. When the payment is made, it's sent to the fraudulent account instead of the intended recipient. Sometimes, fraudulent instructions aren't caught, resulting in multiple payments to the threat actor.

It's important to note that many of these emails look completely legitimate. Developing internal systems to verify new payment instructions is one way to safeguard against these kinds of losses. Implementing these systems and making sure everyone involved in the payment-making process knows these processes will help keep projects moving along and funded.

Conclusion

The construction industry faces unique and significant cyber challenges due to its reliance on sensitive data, strict project timelines, and the involvement of multiple third parties. Proper risk mitigation steps should be taken to help protect construction companies, their projects, and their reputations. At Gallagher Bassett, our team of cyber claims professionals manages these exposures — from the release of confidential information to business interruption and credit disruption — and helps clients navigate the complexities involved when an event occurs. Learn more about how we can help you provide an effective response to a cyber event, minimize your risk exposures, and provide you with actionable insights to drive superior claims outcomes.

Learn more: Cyber and Tech E&O Liability