
Cybersecurity for Construction

Cybercrime in the Construction Industry: A Growing Threat
The construction industry is experiencing a significant increase in cybercrime. Once considered less vulnerable than other sectors like finance or healthcare, construction companies are now prime targets for cybercriminals due to the increasing digitalization of their operations and the valuable data they possess.
This report examines the growing threat of cybercrime in the construction industry, focusing specifically on medium-sized companies. It analyzes the types of attacks commonly targeting construction companies, the financial impact of these attacks, and provides recommendations for improving cybersecurity posture.
Statistics: Cybercrime in the Construction Industry
More than 75% of construction companies and related businesses reported experiencing a cyber incident in the past year.
The average cost of a ransomware attack was $4.54M (IBM).
The average cost of recovering from a ransomware attack in 2023 was $1.82 million, excluding the ransom payment (SC Media).
Cybercrime is projected to cost businesses approximately $10.5 trillion annually by 2025.
The frequency of ransomware attacks on the construction industry increased by 48% from 2022 to 2023.
Recent studies highlight the alarming rise of cybercrime in the construction industry.
Construction was ranked as the most targeted industry for ransomware attacks in a recent report. Many construction companies lack awareness of cyber threats and have inadequate cybersecurity measures in place.
Several factors contribute to the vulnerability of construction companies:
- Increased Digitalization: The industry's growing reliance on technology, including Building Information Modeling (BIM), cloud-based business tools, hosting services, and Internet of Things (IoT) devices, expands the attack surface for cybercriminals.
- Supply Chain Complexity: Construction projects involve numerous people and processes, including suppliers and consultants. Subcontractors with varying levels of cybersecurity maturity may inadvertently increase risk. This interconnectedness creates vulnerabilities that can be exploited by attackers.
- Outdated Legacy Systems: Many construction companies rely on outdated legacy systems that are more vulnerable to cyberattacks.
- Time-Sensitive Projects: Construction projects move fast and often operate under tight deadlines, and attackers exploit urgency to increase the likelihood of a successful attack, such as through ransomware.

Adding to the complexity of the cyber threat landscape, there is a concerning connection between Initial Access Broker (IAB) listings and ransomware attacks. IABs specialize in gaining unauthorized access to computer systems and then selling that access to other cybercriminals, including ransomware groups.
The manufacturing and professional services sectors have been particularly affected by this trend, with a high number of IAB listings and subsequent ransomware attacks [6].
Another emerging threat is the use of the SocGholish malware distribution framework, which disguises itself as legitimate software updates to trick users into installing malware. This tactic has become increasingly prevalent in recent months.
Our Solution

Immediate Action: We swiftly contain threats, assess vulnerabilities, and leverage our experience to implement robust security measures, optimizing protection and efficiency.

Proactive Defense: Continuously monitor assets, identify vulnerabilities, and implement robust security measures.

Commitment to Compliance: Our team members are experts in compliance and regulatory adherence, and we foster a culture of security among our engagement partners.
Incident Response: Swift & Strategic
Containment: We act swiftly to contain threats, isolating affected systems and preventing lateral movement. This immediate action limits the scope of the attack and preserves critical business operations, helping to avoid further damage.
Eradication: Our experienced team identifies and eliminates the root cause of the breach, ensuring all malicious code, backdoors, and unauthorized access points are removed. By addressing the origin, we prevent the risk of reinfection or further compromise.
Recovery: With systems restored to full functionality, we ensure business continuity by minimizing downtime and disruption. Our recovery process includes a thorough examination to guarantee all vulnerabilities are patched and the environment is secured for future resilience.
Post-Incident Review: After the immediate crisis is resolved, we perform a comprehensive analysis of the attack, highlighting the weaknesses that were exploited. These findings allow us to provide tailored recommendations for strengthening your security posture, improving defense mechanisms, and reducing the likelihood of future incidents.




Digital Forensics: Uncovering the Truth
Collection: Our team uses advanced forensic tools and methodologies to gather digital evidence, ensuring all relevant data is captured accurately.

Preservation: We maintain the integrity of the collected data, ensuring it is securely stored and protected from tampering or corruption.

Analysis: Using cutting-edge forensic techniques, we examine the data to uncover critical insights, reconstruct events, and identify malicious activity. Comprehensive reports are legally defensible for court or regulatory investigations.

Actionable Intelligence: Our findings provide a clear roadmap for mitigation, improving defenses, or supporting legal proceedings.
References
1. Cyber Risk within the Construction Industry. AJG United States - Gallagher Insurance. https://www.ajg.com/news-and-insights/cyber-risk-within-construction-industry/
2. Top Cybersecurity Statistics for 2024. https://www.cobalt.io/blog/cybersecurity-statistics-2024
3. https://www.scworld.com/resource/report-ransomware-payouts-and-recovery-costs-went-way-up-in-2023
4. https://www.ibm.com/reports/data-breach