Four hundred eighty-one construction organizations were listed on data-leaking websites used by ransomware attackers in 2024—a 41% increase year over year—according to a report from Tampa, Fla.-based cybersecurity technology company ReliaQuest.
Phishing also continues to be a problem for contractors. Spearphishing, a phishing attempt personalized to a victim, accounted for nearly one in five incidents, according to the report.
Another primary threat to construction contractors is credential exposure. According to data from ReliaQuest’s cybersecurity protection product, GreyMatter, credential exposure incidents account for 75% of all construction alerts, an 83% increase from the previous year.
ReliaQuest predicts phishing attacks, cloud exploitation and attacks via infostealers will increase in 2025. Once credentials are published and sold, threat actors can gain access to sensitive data or deploy additional malware.
To protect themselves, contractors need to be alert. One of the metrics ReliaQuest used to measure performance is the mean time to contain a threat. On average, companies in the construction industry contain a threat within about five hours. However, companies that used automation and artificial intelligence had times closer to five minutes.
According to the report, contractors should also:
A recent survey from insurance firm Travelers shows half of surveyed contractors do not have cyber insurance, according to Construction Dive.
View the 2024 Travelers Risk Index
The 2024 Travelers Risk Index asks business insurance decision-makers from U.S. companies of various sizes and industries about the issues that worry them most. Conducted by Hart Research, the survey had 1,202 respondents across eight industries, including construction.
Cyber threats were the top concern for survey participants with 62% saying they worry some or a great deal about cyber risks.
Contractors’ top three fears were hackers gaining unauthorized access to financial accounts; the failure to operate the company because of cyber events; and a security breach or hackers. However, contractors still are behind when it comes to protection against cyber threats.
Although 80% of construction industry respondents believe having proper cybersecurity controls in place is crucial, 70% do not use endpoint detection and response tools; 70% do not have a post-breach team; 56% do not have an incident response plan; 50% lack cyber insurance; and 45% do not use multifactor authentication for remote access.
Travelers published a cybersecurity guide that recommends companies take steps such as conducting audits or reviews of data privacy and security measures; interviewing in-house or third-party IT professionals about a system’s data security and privacy protection capabilities; and implementing safeguards such as multifactor authentication, endpoint detection, and response and data backup.
COMMENTS
Be the first to comment. Please log in to leave a comment.