A recent report by financial advisory specialist Kroll has revealed a sharp increase in cyber attacks on construction companies, attributing this rise to the sector’s reliance on digital sign-ins for workers. The construction industry accounted for 6% of Kroll’s incident responses in the first quarter of this year, double the proportion from a year earlier. The report suggests that on-the-go working patterns, with employees frequently accessing emails on mobile devices, make them more susceptible to phishing lures and business email compromises.
Phishing lures, especially those designed to mimic document-signing programs, have become a common method for cybercriminals to socially engineer victims into revealing their credentials and multi-factor authentication prompts. These attacks can lead to redirecting payments to fraudulent accounts or scraping contacts for further phishing attempts. The report also notes the evolution of cyber attack techniques, with SMS and voice-based phishing tactics, raising concerns about the use of AI and deepfake technologies to enhance these attacks.
The National Cyber Security Centre emphasizes the importance of protective measures for construction businesses as they digitize more of their processes. They recommend engaging with the Cyber Security for Construction Businesses guide to significantly reduce the risk of falling victim to cyber attacks. The guide offers practical steps to safeguard data and devices against online threats.
In light of these rising threats, industry leaders like Arup have reported increasing sophistication in cyber attacks, including deepfake scams. Arup’s Global Chief Information Officer, Rob Greig, highlighted the various forms of cyber attacks they face, such as invoice fraud, phishing scams, and WhatsApp voice spoofing. These incidents underline the critical need for heightened cybersecurity awareness and robust protective measures across the construction sector.
