A concerning rise in cyber attacks on the construction sector has been reported, linked to digital sign-ins.
- Construction companies have seen a doubling in cyber incidents over the past year.
- Digital sign-ins via mobile devices are identified as a potential vulnerability.
- Phishing scams are using document-signing programmes to extract credentials.
- The increase in attacks highlights the need for robust cyber security measures.
In an alarming development, construction firms are encountering a significant surge in cyber attacks, with industry experts pointing to digital sign-ins for workers as a possible cause. The rise in incidents was highlighted in a report by financial advisory firm Kroll, which noted that the sector now represents six per cent of its incident responses, a figure that has doubled compared to the same period last year.
The shift to mobile device sign-ins is seen as a contributing factor to this vulnerability. According to the report, workers are more susceptible to phishing attacks when accessing emails and sign-in documents while travelling. These circumstances could lead to decreased vigilance, thereby increasing the risk of falling victim to fraudulent schemes.
Kroll’s analysis indicates that many of these attacks are executed through business email compromises. There is a growing trend of phishing lures that mimic document-signing software, tricking workers into divulging sensitive login details and even multi-factor authentication prompts. Such breaches may result in redirected payments to illegitimate accounts, or the exploitation of contact lists for further fraudulent activities.
The National Cyber Security Centre has underscored the importance of implementing stringent cyber security protocols. They strongly advise construction firms to consult the ‘Cyber Security for Construction Businesses’ guide to mitigate these increasing threats. By adopting the recommended protective steps, companies can significantly reduce the likelihood of cyber incidents and safeguard their digital environments.
Additionally, there is a broader evolution in cyber attack techniques across various sectors, with attackers employing SMS and voice phishing strategies, and potentially deploying AI technologies to enhance these efforts. The involvement of advanced methods such as deepfake technology in recent scams, such as the one affecting engineering firm Arup, further illustrates the escalating sophistication and frequency of these cyber threats.
The construction industry must prioritise cyber security to combat these sophisticated and escalating threats.
