(844) 627-8267
(844) 627-8267

A secure foundation? Cybersecurity in the construction industry | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware


The construction industry is undergoing a digital transformation, and construction companies have become an increasing target for cyberattacks.

Digital innovations, such as artificial intelligence (AI), and Building Information Modelling (BIM) can help ensure projects remain on time and under budget, but increasing digitalisation presents challenges as it increases the attack surface area for cyber hackers.

A 2024 GlobalData poll revealed that 73% of respondents said cybersecurity was either already disrupting their industry or would do so in the next 12 months. Despite this, according to the UK government’s Cyber Security Breaches Survey 2024, only 20% of construction firms have board members taking responsibility for cybersecurity.

Recent high-profile attacks on construction companies, such as the 2020 cyberattacks on UK-based BAM and Interserve, serve as a stark reminder that cyberattacks can have lasting operational and reputational impacts. Both targeted companies had recently built the Nightingale Hospitals, the temporary hospitals set up by NHS England for the Covid-19 pandemic. In a devastating year for high-profile cyberattacks on construction companies, Bouygues was also targeted by a cyberattack in 2020. It took all its information systems offline as a precautionary measure.

A rapid growth in data usage, and dispersed data from a mobile workforce across many locations increases vulnerability to cyberattacks. These challenges, alongside increased security threats—more complex ransomware, phishing attacks, and growing supply chain risks—mean that construction companies are under continual security pressure. Managing these challenges presents significant cost management issues, especially as the construction industry remains a high-volume, low-profit industry.

Construction vulnerabilities to cyberattacks

Construction companies’ supply chains are vulnerable to attack. The last few years have seen a series of supply chain attacks. In such attacks, rather than targeting a third-party vendor’s vulnerabilities as a way into another company’s network, attackers deliberately aim to exploit the trust that exists between legitimate organisations in normal business operations. Supply chain partners are often granted the right to use and manipulate areas of a company’s network, applications, or sensitive data. This means attackers only have to penetrate the third party’s defences to infiltrate the company’s system.

Access the most comprehensive Company Profiles
on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free
sample

Thank you!

Your download email will arrive shortly

We are confident about the
unique
quality of our Company Profiles. However, we want you to make the most
beneficial
decision for your business, so we offer a free sample that you can download by
submitting the below form

By GlobalData

Country *
UK
USA
Afghanistan
Åland Islands
Albania
Algeria
American Samoa
Andorra
Angola
Anguilla
Antarctica
Antigua and Barbuda
Argentina
Armenia
Aruba
Australia
Austria
Azerbaijan
Bahamas
Bahrain
Bangladesh
Barbados
Belarus
Belgium
Belize
Benin
Bermuda
Bhutan
Bolivia
Bonaire, Sint
Eustatius
and
Saba
Bosnia and Herzegovina

Botswana
Bouvet Island
Brazil
British Indian Ocean
Territory
Brunei Darussalam
Bulgaria
Burkina Faso
Burundi
Cambodia
Cameroon
Canada
Cape Verde
Cayman Islands
Central African Republic

Chad
Chile
China
Christmas Island
Cocos Islands
Colombia
Comoros
Congo
Democratic Republic
of
the Congo
Cook Islands
Costa Rica
Côte d”Ivoire
Croatia
Cuba
Curaçao
Cyprus
Czech Republic
Denmark
Djibouti
Dominica
Dominican Republic
Ecuador
Egypt
El Salvador
Equatorial Guinea
Eritrea
Estonia
Ethiopia
Falkland Islands
Faroe Islands
Fiji
Finland
France
French Guiana
French Polynesia
French Southern
Territories

Gabon
Gambia
Georgia
Germany
Ghana
Gibraltar
Greece
Greenland
Grenada
Guadeloupe
Guam
Guatemala
Guernsey
Guinea
Guinea-Bissau
Guyana
Haiti
Heard Island and
McDonald
Islands

Holy See
Honduras
Hong Kong
Hungary
Iceland
India
Indonesia
Iran
Iraq
Ireland
Isle of Man
Israel
Italy
Jamaica
Japan
Jersey
Jordan
Kazakhstan
Kenya
Kiribati
North Korea
South Korea
Kuwait
Kyrgyzstan
Lao
Latvia
Lebanon
Lesotho
Liberia
Libyan Arab Jamahiriya

Liechtenstein
Lithuania
Luxembourg
Macao

Macedonia,
The
Former
Yugoslav Republic of
Madagascar
Malawi
Malaysia
Maldives
Mali
Malta
Marshall Islands
Martinique
Mauritania
Mauritius
Mayotte
Mexico
Micronesia
Moldova
Monaco
Mongolia
Montenegro
Montserrat
Morocco
Mozambique
Myanmar
Namibia
Nauru
Nepal
Netherlands
New Caledonia
New Zealand
Nicaragua
Niger
Nigeria
Niue
Norfolk Island
Northern Mariana Islands

Norway
Oman
Pakistan
Palau
Palestinian Territory
Panama
Papua New Guinea
Paraguay
Peru
Philippines
Pitcairn
Poland
Portugal
Puerto Rico
Qatar
Réunion
Romania
Russian Federation
Rwanda
Saint
Helena,
Ascension and Tristan da Cunha
Saint Kitts and Nevis
Saint Lucia
Saint Pierre and Miquelon

Saint Vincent and
The
Grenadines

Samoa
San Marino
Sao Tome and Principe
Saudi Arabia
Senegal
Serbia
Seychelles
Sierra Leone
Singapore
Slovakia
Slovenia
Solomon Islands
Somalia
South Africa
South
Georgia
and The South
Sandwich Islands
Spain
Sri Lanka
Sudan
Suriname
Svalbard and Jan Mayen

Swaziland
Sweden
Switzerland
Syrian Arab Republic
Taiwan
Tajikistan
Tanzania
Thailand
Timor-Leste
Togo
Tokelau
Tonga
Trinidad and Tobago
Tunisia
Turkey
Turkmenistan
Turks and Caicos Islands

Tuvalu
Uganda
Ukraine
United Arab Emirates
US Minor Outlying Islands

Uruguay
Uzbekistan
Vanuatu
Venezuela
Vietnam
British Virgin Islands

US Virgin Islands
Wallis and Futuna
Western Sahara
Yemen
Zambia
Zimbabwe
Kosovo

Industry *

Academia & Education
Aerospace, Defense &
Security
Agriculture
Asset Management
Automotive
Banking & Payments
Chemicals
Construction
Consumer
Foodservice
Government, trade bodies
and NGOs
Health & Fitness
Hospitals & Healthcare

HR, Staffing &
Recruitment
Insurance
Investment Banking
Legal Services
Management Consulting
Marketing & Advertising

Media & Publishing
Medical Devices
Mining
Oil & Gas
Packaging
Pharmaceuticals
Power & Utilities
Private Equity
Real Estate
Retail
Sport
Technology
Telecom
Transportation &
Logistics
Travel, Tourism &
Hospitality
Venture Capital

<!–

–>

Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

Cyberattacks are likely to exacerbate any financial difficulties due to time lost on projects, extortion, or regulatory fines. Cyberattackers who gain access to a company’s network may be able to steal and potentially sell intellectual property. Cyberattacks can also lead to data breaches and supply chain disruption. Any cyberattack is likely to cause financial damage and lasting reputational damage.

According to the UK government’s Cyber Security Breaches Survey 2023, just over one in ten businesses say they review the risks posed by their immediate suppliers (13%, vs. 11% of charities). More medium businesses (27%) and large businesses (55%) review immediate supplier risks. The latter result is up from 44% of large businesses in 2022.

A 2024 Q1 poll by GlobalData revealed that the most common cybersecurity attack concerns for companies are phishing and spear-phishing, ransomware, and ransomware attacks. According to data published in a 2022 report by Advisen, the most common construction cyber losses by type are unauthorised contact or disclosure, malicious data breaches, and ransomware. Despite only accounting for 10% of cyberattack losses, ransomware is a growing threat concern for construction companies.

Cybersecurity faces an AI challenge

The prospect of offensive attacks using AI is increasing cybersecurity budgets as organizations try to understand the impact of generative AI on their security. The construction sector is particularly vulnerable to cyberattacks because it is rapidly incorporating new technologies, resulting in a larger attack surface for hackers to exploit. The integration of AI increases this attack surface area due to novel attack routes such as prompt injection, model extraction, and dataset poisoning.

AI also offers multi-faceted defensive capabilities: many AI cybersecurity techniques involve supervised machine learning models trained on huge volumes of labeled attack datasets and intelligence, enabling them to identify a threat and respond to it swiftly. However, learning how to counter AI-led attacks will take time.

In January 2024, construction company Maire Tecnimont implemented the Vectra AI Platform, which is a network detection and response (NDR) solution that significantly improved its cyber-attack detection and response capabilities through artificial intelligence and machine learning. Vectra integration has led to a significant reduction in false positives and alert volume.

In April 2024, Accenture and Google Cloud announced an expansion of their global partnership to help businesses better protect critical assets against persistent cyber threats. Together, they are providing construction company Lendlease with cyber detection and response. capabilities that make use of Google Cloud’s generative AI.

What can construction companies do?

Policies such as zero-trust access, a security model that uses strict identity verification for every person or entity attempting to access an organization’s network resources, regardless of whether the person or entity is in the office, bound by the network perimeter, or accessing the network remotely, can drastically improve a company’s cybersecurity posture.

Due to the number of construction sites being worked on at any one time, it is essential to have a decentralised cyber policy during construction. A decentralised cybersecurity approach refers to a strategy that distributes cybersecurity measures across multiple locations, devices, and systems. In addition, secure supply chain management, companywide cybersecurity training, cyber insurance, and following government regulations will help to reduce the fallout from a cyberattack incident.

The European Commission, the US Securities and Exchange Commission (SEC), and the US Senate are stepping up regulatory efforts. The European Commission is expected to adopt draft regulations to establish a European cybersecurity certification scheme (ECCS). This will cover a broad range of IT products with security components such as smartphones, bank cards, and routers. A new standard proposed by the US Securities and Exchange Commission (SEC) in March 2022, effective December 18, 2023, requires public companies to disclose material cybersecurity incidents within four business days, along with periodic reports about their cyber-risk management plans. Therefore, companies with poor cybersecurity management are more likely to receive regulatory fines after data breaches or data privacy investigations.

Construction companies should view cybersecurity on an equal footing with physical security and ensure chief information security officers (CISOs) are on company boards. This will also help companies navigate increasing regulatory scrutiny. The bottom line is that cybersecurity attacks are inevitable, so construction companies looking to improve their cybersecurity must be proactive to remain resilient.


!function(f,b,e,v,n,t,s)
{if(f.fbq)return;n=f.fbq=function(){n.callMethod?
n.callMethod.apply(n,arguments):n.queue.push(arguments)};
if(!f._fbq)f._fbq=n;n.push=n;n.loaded=!0;n.version=’2.0′;
n.queue=[];t=b.createElement(e);t.async=!0;
t.src=v;s=b.getElementsByTagName(e)[0];
s.parentNode.insertBefore(t,s)}(window, document,’script’,
‘https://connect.facebook.net/en_US/fbevents.js’);
fbq(‘init’, ‘1175064750058523’);
fbq(‘track’, ‘PageView’);

!function(f,b,e,v,n,t,s)
{if(f.fbq)return;n=f.fbq=function(){n.callMethod?
n.callMethod.apply(n,arguments):n.queue.push(arguments)};
if(!f._fbq)f._fbq=n;n.push=n;n.loaded=!0;n.version=’2.0′;
n.queue=[];t=b.createElement(e);t.async=!0;
t.src=v;s=b.getElementsByTagName(e)[0];
s.parentNode.insertBefore(t,s)}(window, document,’script’,
‘https://connect.facebook.net/en_US/fbevents.js’);
fbq(‘init’, ‘501151668227761’);
fbq(‘track’, ‘PageView’);

——————————————————-


Click Here For The Original Source.

National Cyber Security

FREE
VIEW