Data shows that the global construction industry has become the most targeted sector by cyber criminals. Over the course of 2023, analysis conducted by CovertSwarm’s Offensive Operations Centre has shown that the construction sector has now become the most targeted industry by cybercriminals.
More specifically, ransomware attacks have grown exponentially over the last 12 months, with nearly half of construction companies experiencing a ransomware attack, as it continues to play catch up after years of not upgrading inefficient IT and security equipment.
A reliance on Internet of Things (IoT) devices, as well as a lack of preparedness - with nearly three-quarters of businesses admitting to not having incident response plans in place - have also contributed to the cyber threat’s heightened presence.
To help combat this, CovertSwarm, a cybersecurity solution provider, has announced the rollout of its innovative Offensive Operations Centre (OOC) - for free - in order to empower organisations to proactively respond to the significant rise in cyber attacks.
Anders Reeves, CEO at CovertSwarm, said: “The construction sector is in a critical position right now and its importance - globally - means it has got a target on its back. In an industry that has only relatively recently embraced digital workflow and record-keeping as part of the so-called Golden Thread of information, cyber security feels like an afterthought. There’s so much else to get to grips with.
“But the wealth of confidential data and information used and stored – as well as cybercriminals being aware of the industry’s under-protected stance on cyber security – means it is an increasingly appealing target. While the numbers behind the increase in cyber attacks on the industry are staggering, they’re not surprising. And it will only grow in the future. So, understanding what assets your business has, and so needs to protect, is fundamental to executing a coherent security strategy.
“The Offensive Operations Centre enables users to gain real-time attack surface insights, targeted vulnerability detection, and a seamless interface to submit changes or suspected issues to our ethical hackers for exploration. No other platform offers this joined-up, quality service and hybrid approach to offensive cybersecurity mapping and testing.”
The OOC is a centralised SaaS portal that manages every aspect of an organisation's offensive security program. It is a unified all-in-one toolset that offers free and premium-level insights into the ever-evolving attack surfaces.
It provides immediate value to companies, enabling them to gain a comprehensive understanding of their external attack surface in real-time and offers future-facing CovertSwarm 'Attack Plans,' covering digital, social, and physical security testing specialisms.
This approach bridges the gap between Attack Surface Management products, SaaS-identified vulnerabilities, and risk validation via CovertSwarm's in-house team. Through a simple 'one-click' submission, organisations can request ethical hacker testing and targeted red team attacks, enhancing security measures and simplifying the cyber risk lifecycle.
Analysing recent Statista data, the five most common root causes of ransomware attacks in the construction sector are as follows:
- Compromised credentials (33%)
- Exploited vulnerability (27%)
- Malicious email (24%)
- Phishing (15%)
- Brute force attack (1%)
Analysing the landscape, Anders Reeves added: "The construction sector's increasing dependence on temporary sites, networks, and a dynamic workforce, coupled with the adoption of innovative technologies such as IoT, automation, AI, PropTech, and data analytics, has significantly expanded potential vulnerabilities and attack vectors.
“The modernisation drive, intensified by the pandemic, underscores the urgency for a resilient cyber risk strategy. As digital transformation shapes the industry, it introduces new cyber risks, particularly in the realm of ransomware attacks. To safeguard against these threats, construction companies must proactively address vulnerabilities and foster a cybersecurity culture within their operations."
