Dive Brief:
- The cyber threat contractors face shows no signs of waning as 481 construction organizations were listed on data-leaking websites used by ransomware attackers in 2024, a 41% increase year over year, according to a report from Tampa, Florida-based cybersecurity technology company ReliaQuest.
- The report noted that phishing continues to be a thorny problem for builders as well. Spearphishing, or a phishing attempt personalized to a victim, was the most prominent vector of attack and accounted for nearly one in five incidents, ReliaQuest said. Internal spearphishing was second, where a compromised account within the organization attacks other users in the enterprise.
- Credential exposure is also a primary threat for builders. According to data fromReliaQuest’s cybersecurity protection product, GreyMatter, credential exposure incidents now account for 75% of all construction alerts, per the report. The number is an 83% increase from the previous year.
Dive Insight:
In light of the research, ReliaQuest predicted that phishing attacks, cloud exploitation and attacks via infostealers — a type of malware designed to compromise user credentials — will rise in 2025. Once credentials are published and sold, threat actors can gain access to sensitive data or deploy additional malware.
“The construction sector’s susceptibility to cyber threats and its critical need to maintain operational continuity makes it a prime target for malicious actors,” John Dilgen, cyber threat intelligence analyst for ReliaQuest and the report’s author, wrote. “The diverse range of attacks targeting the sector underscores the urgent necessity for organizations to implement strict security measures and digital risk protection (DRP) strategies.”
To protect themselves, contractors need to be on alert. One of the metrics ReliaQuest used to measure performance is known as “mean time to contain a threat” or MTTC. On average, companies in the construction industry contain a threat within about five hours. However, companies that used automation and artificial intelligence had times closer to five minutes.
According to the report, builders should also:
- Audit cloud accounts and resources rigorously.
- Pay close attention to cloud permission levels that could grant extensive access.
- Enforce the principle of least privilege for all third parties and contractors.
- Enable multifactor authentication for accounts.
- Implement a digital risk protection strategy to continuously monitor for exposed credentials.
