Matt Andersen, the principal cybersecurity consultant at CliftonLarsonAllen (CLA), told the Construction Financial Management Association (CFMA) audience how vulnerable construction firms are to cyberattacks.
He said that approximately 80% of data breaches involve compromised password information. Additionally, the increase in work-from-home setups during the COVID-19 pandemic created more opportunities for breaches, and remote access is now the new normal.
With the rise in the number of users who have remote access, many hackers worldwide have moved from malware to credential stealing. They attempt to connect to your work systems through VPN technologies. Besides password compromises, hackers use several other tactics to penetrate companies, including:
In this crafty type of cyberattack, fraudsters hack into a construction company’s network to gain complete administrative control and deploy ransomware to lock the systems. The hackers also delete company backups during their initial system penetration. Another ploy is to download the backups and capture the data before deleting them.
The fraudsters usually demand a ransom to unlock the system. They also demand money in exchange for not releasing the data to the world. The data includes, but is not limited to, addresses, names, Social Security numbers, and the like.
Hackers, like security specialists, have tools to guess passwords. They know and try common passwords. Weak passwords are highly susceptible to guessing.
Password guessing happens after websites are hacked. For instance, LinkedIn was hacked, and users’ passwords were stolen and sold online.
You may use the legitimate website Have I Been Pwned to check whether your accounts have fallen victim to data breaches.
In unauthorized access, the fraudsters use a compromised legitimate mailbox to send email. The hacker is then in control of the outgoing messages being sent.
Fraudsters create an email address that looks like a CEO’s personal address. They then ask an employee, for example, to buy and mail gift cards to a specific address.
Attackers purchase a domain name that is almost identical to that of a vendor or company. Changing the letter l to the number 1 can trick recipients into trusting the emailers and the domain.
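The character-swap trick described above can be caught mechanically. The following is an added example, not part of the original article: it compares sender domains against an allow-list of vendor domains after undoing common look-alike substitutions. The vendor names, sender addresses and substitution table are constructed assumptions.

```python
"""Flag sender domains that imitate a trusted vendor domain."""

# Look-alike substitutions; the l/1 swap is the one the article describes.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("1", "l"), ("0", "o"), ("5", "s"))

def skeleton(domain):
    """Collapse visually confusable characters to one canonical form."""
    s = domain.strip().lower().rstrip(".")
    for fake, real in CONFUSABLES:
        s = s.replace(fake, real)
    return s

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain, trusted):
    """Return (verdict, matched trusted domain or None)."""
    d = domain.strip().lower().rstrip(".")
    if d in trusted:
        return ("trusted", d)
    for t in sorted(trusted):
        # Same skeleton = character swap; distance 1 = dropped/added/changed letter.
        if edit_distance(skeleton(d), skeleton(t)) <= 1:
            return ("lookalike", t)
    return ("unknown", None)

def triage(senders, trusted):
    """Classify each sender address by the domain after the last '@'."""
    return [(s,) + classify(s.rsplit("@", 1)[-1], trusted) for s in senders]

# Constructed sample data: hypothetical vendors and sender addresses.
TRUSTED = {"allied-steel.example", "northwall-concrete.example"}
SAMPLE_SENDERS = [
    "billing@allied-steel.example",       # genuine vendor
    "billing@a11ied-stee1.example",       # l replaced with 1
    "ap@northwal-concrete.example",       # one letter dropped
    "news@lumberweekly.example",          # unrelated sender
]

if __name__ == "__main__":
    for address, verdict, match in triage(SAMPLE_SENDERS, TRUSTED):
        print(f"{verdict:10} {address} (resembles: {match})")
```

A "lookalike" result is a reason to hold the message for review, while "unknown" only means the domain does not resemble anything on the allow-list.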
Hackers pose as trusted email senders and ask you to click on links that give them access to your data.
The types of cyber threats mentioned above are some of the common ones that construction firms can experience. To prevent them, train and educate your end-users about these cyber risks.