Anthony Gilbert, Cyber Threat Intelligence Lead
The construction industry may not appear to be an obvious target for cybercrime. The industry has an image of being a physical world industry with no connections to the digital one. If only that was true. The construction industry is being sought out by threat actors as the next easy target. In 2020 the average cost of the data breach within the construction industry was $4.99 million US dollars.
The construction industry is no longer just a manual labour employer. It is heavily interconnected with multiple sites needing to exchange information back to the central office through cloud services, and with most workers being connected via mobile endpoints, the building trade is a sophisticated digitally managed industry.
Over the past 18 months the UK building sector has seen numerous cyber-attacks with some major firms being victims. (Bam Construct, Interserve, Bouygues UK, RMD, Kwikfirm and Amey). Several supply chain links into the construction industry have also been victims of cyber events with payroll companies, that supply the industry, being subjected to several attacks.
This is not only the UK sector. When you look at the global picture it is easy to see that construction is a major target for threat groups as several large attacks across North America and Canada have been seen across the past year.
Part of this move to the construction industry has been linked to the global pandemic. The construction industry workers were listed as key workers, which meant the industry was one of the few that were still making money. Further to this, when you look at the wider political links to construction, it is easy to see the influence of nation state threat groups. China has a huge foot hold within Africa as it builds out the region’s infrastructure. This has caused some political tensions across the globe, due to the huge mistrust of the region and the possibility of bringing some regions of Africa up into 2nd or 1st world status.
Other areas look towards the construction arena for the latest building techniques to bring their own infrastructure up to date and ensure that their current failing infrastructure will hold. Russia and North Korea are two regions who have been identified in doing this.
Then you have the criminal groups who can target this high cash flow business. If a criminal group can gain access to a construction business system, they can redirect funds and influence the project. Most construction projects are built on the ability to meet project deadlines and contract specifications. If these are missed, due to a cyber-attack, it may often seem to make more financial sense to pay the ransom – compared to dealing with the financial penalties imposed from missing these deadlines.
The construction industry will continue to see a rise in cyber-attacks from two main areas. Financially motivated threat groups and Nation state groups.
There is a mentality within the construction industry that they do not hold PII so the risk from cyber-attack is negligible, and therefore the need to invest in cyber security is not seen as important. This is partly true but as we have seen, cyber-attacks are not just about sensitive data. Something the construction industry needs to learn to appreciate. The UK construction industry could become a global leader in developing a cyber strategy for the industry and it is important this is taken seriously – sooner rather than later.
At Bridewell, we can help develop such a strategy with our security assessments, penetration testing, Security Operations Centre, Threat Intelligence all at hand to help ensure that the construction industry is not the next big target for cybercrime.