Why is construction the perfect target for cyber criminals?

When you think of cyber-crime, you might think big businesses, countries at war, or some of the more shocking headline-splashing scandals of recent years. However, the reality is cyber criminals are actively targeting the construction industry because its infrastructure and setup offers easy access, and we’re not just talking about the big names but SMEs too.

Construction is so visibly at risk from cyber criminals, the National Centre for Cyber Security has published a special guide to help businesses better understand how to protect themselves.

Haven’t got time to get into the details? Let us take care of your data protection and backups so you can get on with managing your business.

Get in touch now or take our complimentary backup health check and we can let you know how to best protect your most valuable asset – your data.

Why is construction at risk from cyber-crime?

Businesses like yours are seen as an easy target for cyber criminals. Why? Construction is currently exploring new technologies and adopting digital ways of working. Data is a valuable asset in the industry and because of the relatively late and sometimes haphazard adoption of technology, it isn’t always well protected or managed.

Many businesses also have high cash-flows, use sub-contractors and suppliers, and take large numbers of high value payments. All of these reasons make them an attractive target for a cyber-criminal. Attacks are on the rise and businesses of all sizes in the sector need to be prepared.

How is cyber-crime targeting construction?

The number one threat is ransomware – attacks carried out via phishing emails, malicious links, and file attachments that convince your employees or suppliers to click a button. The result? Chaos from downtime, data loss and ransom demands.

Research completed in partnership with Construction News has revealed that 39% of UK businesses experienced a ransomware attack in the past year:

  • 83% of the firms reported the threat had been caused by phishing attempts.
  • 21%, which is just over 1 in 5, experienced more sophisticated attacks, including denial of service, malware and ransomware.

You might think your data is protected, but what about your suppliers and subcontractors? Weaknesses in this area are some of the prime ways that cyber criminals can gain access to your data and networks.

A construction industry horror story

If cyber-crime sounds far-fetched to you, national brands such as Bam Construct, Interserve and Bouygues have already fallen victim to it.

According to Construction News, Interserve, a British construction and support services business, had cyber attackers access the bank details, national insurance numbers and special category data including ethnicity, religion, sexual orientation and health conditions of up to 113,000 Interserve workers. The report from CN says,

“Interserve Group – the company created after Interserve plc’s pre-pack administration – has been fined £4.4m by the Information Commissioner’s Office (ICO) for a breach of data protection law.

Interserve had previously reported it was hit by a cyber-attack in May 2020. Now the ICO has revealed that an Interserve employee forwarded a phishing email, which was not quarantined or blocked by the company’s systems, to a colleague who opened it and downloaded its content, resulting in the installation of malware onto their workstation.

Interserve’s anti-virus mechanism quarantined the malware and sent an alert, but the company failed to thoroughly investigate the suspicious activity, a statement from the ICO said.

The attacker subsequently compromised 283 systems and 16 accounts, as well as uninstalling the company’s anti-virus solution. Personal data of up to 113,000 current and former employees was encrypted and rendered unavailable.

The ICO found Interserve used outdated software systems and protocols; failed to follow up on the original alert of a suspicious activity; had a lack of adequate staff training; and carried out insufficient risk assessments.”

Why is this bad new for the construction industry?

Reputation is everything. In an industry where it pays to be solid, data breaches mean bad PR and potential regulatory fines. As cyber-attacks become more sophisticated, it’s important to protect your business with professional advice.

How can Vitanium help?

The best way to safeguard your data is to seek out expert advice.

At Vitanium, we have over 20 years’ experience in data management and back up, so we know there is no one size fits all. A thorough and professional data health check will help you evaluate your backup plan for maximum protection, and minimum disruption, get in touch with our expert team now and let us take care of it.