This audio is automatically generated. Please let us know if you have any comments.
Dive Brief:
- The cyber threat facing contractors shows no signs of abating, with 481 construction organizations listed on data-leaked websites used by ransomware attackers in 2024, a 41% increase year on yearaccording to a report by Tampa, Fla.-based cybersecurity technology company ReliaQuest.
- The report noted that fishing remains a thorny issue for builders as well. Spearphishing, or a personalized phishing attempt for a victim, was the most prominent attack vector, accounting for nearly one in five incidents, ReliaQuest said. Second, internal spearphishing, where a compromised account within the organization attacks other users within the company.
- Credential exposure is also a primary threat for builders. According to data from ReliaQuest’s cybersecurity protection product GreyMatter, credential exposure incidents now account for 75% of all building alerts, according to the report. The figure represents an increase of 83% compared to the previous year.
Diving knowledge:
In light of the research, ReliaQuest predicted that phishing attacks, cloud exploits and attacks using infostealers, a type of malware designed to compromise user credentials, will increase by 2025. Once credentials are released and sold, threat actors will be able to access sensitive data or deploy additional malware.
“The construction industry’s susceptibility to cyber threats and its critical need to maintain operational continuity make it a prime target for malicious actors,” wrote John Dilgen, cyber threat intelligence analyst at ReliaQuest and author of the report. “The diverse range of attacks targeting the industry underscores the urgent need for organizations to implement stringent security measures and digital risk protection (DRP) strategies.”
To protect themselves, contractors must be vigilant. One of the metrics ReliaQuest used to measure performance is known as “mean time to contain a threat,” or MTTC. On average, companies in the construction industry contain a threat in about five hours. However, companies that used automation and artificial intelligence had times closer to five minutes.
According to the report, builders should also:
- Audit accounts and cloud resources rigorously.
- Pay close attention to cloud permission levels that could grant extensive access.
- Enforce the principle of least privilege for all third parties and contractors.
- Enable multi-factor authentication for accounts.
- Implement a digital risk protection strategy to continuously monitor exposed credentials.
