Previously, the construction sector held limited personal data, so many assumed that it was not a target for cyber criminals. Unfortunately, they were wrong.
With the increase in technology adoption comes an increase in attack vectors for cybercriminals to take note of, and according to Nordlocker, the construction sector is now the industry most targeted by ransomware attacks.
Supplier lists, customer data, payment information, infrastructure details, sensitive business details: the construction industry has it all. And the impacts of an attack can be severe.
Only 64% within the construction industry believe that cyber security is a high priority, with only 20% of firms having board members responsible for cyber security (Cyber Security Breaches 2021).
It’s not just large firms that are affected. In the Eastern region, one micro construction firm had 5 out of their 6 servers encrypted with Conti ransomware. They recovered within a couple of days but then found out that the removable media they used for backups was also infected, and that data had been stolen and was publicly for sale.
Both attacks can start through a phishing attack (tricking the victim into believing that the sender is a legitimate organisation). Phishing attacks are by far the most common cyber attack because they can be deployed at scale, with some statistics showing that 91% of cyber-attacks start with a phishing email.
Construction firms are below average when it comes to identifying, managing, and minimising cyber risks, with only 35% having taken any action in this area (such as cyber risk assessments, phishing simulations, vulnerability testing, or threat intelligence).
Construction is also at the bottom of industries that have implemented technical cyber security controls: firms are less likely to have restricted IT access (61%, vs. 75% overall) or to have an agreed process around phishing attacks (39%, vs. 58% overall).
Only 5% of construction firms did any kind of security awareness training with their staff. This statistic is shocking when it is widely established that phishing attacks are by far the most common attack, and staff play a key role in defending organisations against them. The ECRC can provide affordable staff awareness training bespoke to your company. Make a booking to speak with us about how we could help your company.
You can contact the Cyber Resilience Centre for guidance and support by e-mail at enquiries@ecrcentre.co.uk, or use our online booking system to make an appointment with one of our team.
Core members receive regular updates which include the latest guidance, news, and security updates. Our core membership has been tailored for businesses and charities of all sizes who are based across the seven counties in the East of England.
The ECRC is a policing-led, not-for-profit membership organisation that aims to increase cyber resilience within small and medium businesses in the East of England (Hertfordshire, Bedfordshire, Cambridgeshire, Norfolk, Suffolk, Essex and Kent).
Policing led - business focussed.