2 minute read
Connector - Winter 2022
Cyber Security for Construction
Understanding the risk and protecting your company
MANAGEMENT By David DeSilva and Anthony Dolce
The time when cyber risk was mostly a data breach-related issue is over. With the explosion in ransomware attacks, business email compromises, fraud and stolen credentials, cyber is now everyone’s risk. And as it continues to increase, construction companies have become a target.
Ransomware: The No. 1 Cyber Threat
The construction industry may not seem like an obvious target of cyber criminals compared to industries like health care, retail or technology – but that’s changing. Earlier this year, Canadian contractor Bird Construction and French contractor Bouygues Construction were both hit by ransomware attacks. Ransomware attacks often focus on companies that will be immediately impacted by the disruption caused by the attack. Construction companies are likely being targeted because of their limited awareness of cyber risks and their lack of cybersecurity.
In addition, ransomware can cause a substantial interruption to the complex supply chain of construction projects. And as attacks become more sophisticated, ransom demands have gone up dramatically. In fact, it’s not uncommon to have ransom demands in the range of several millions of dollars – that’s on top of the interruption loss incurred even when the ransom is paid.
Business Email Fraud
A unique feature of the construction industry is the extensive use of sub-contractors and suppliers, which involves a high degree of payments flowing to and from construction companies. Additionally, construction projects are often part of a public bidding process. The details in this process include information about the project and the winners. This makes construction companies an attractive target for business email compromise fraud. This is a deception scam where cyber criminals send fraudulent email messages disguised as legitimate invoices or wire transfer requests. The money is then transferred to the criminal’s account instead of the actual payee. In 2019, almost 24,000 of these incidents were reported to the FBI for a total of $1.8 billion in stolen funds.
Many times, contractors have open data connections with their customers for things like electronic bill paying and project management. When these connections are linked to their customers’ other important systems, it creates an environment for cyber attackers who’d like nothing more than to steal as much information as they can. And once they have the contractor’s credentials, those cybercriminals can take valuable information from the contractor’s customers.
