Hacking A Construction Company [And How To Prevent It]

Did you know 85% of domestic hacking activity originates within the USA, with 56% coming from the same state, and 35% from the same city as the victimized company? While tech adoption continues to spread through the industry, construction is now ranked as the #1 target for ransomware attacks. Ransomware is a form of digital blackmail which targets vulnerable businesses, disrupting critical processes, and potentially halting business.
In this blog we will explore 7 specific ways construction companies can get hacked and how to prevent it. 
Business email compromise. Techniques include email spoofing, where fraudsters pose as trusted email senders asking recipients to click on links enabling them to gain access to data.
Domain impersonation. Attackers purchase a domain name similar in appearance to a company’s or vendor’s. Changing a letter “l” to a numeral “1” can fool recipients into trusting emailers.
Name dropping. Fraudsters create an email address appearing to be a CEO’s personal address, then ask an employee, for instance, to buy and mail gift cards to a given address.
Unauthorized access. In another technique hackers gain unauthorized access to a company or vendor email, and use the compromised legitimate mailbox to send email. The hacker is in control of the outgoing messages being sent.
Password guessing. Security professionals and fraudsters alike possess tools to guess passwords. Hackers know and try common passwords like Summer2021. Weak passwords can be susceptible to a guessing attack.
Password guessing also occurs after websites are hacked. LinkedIn, for instance, has been hacked, users’ passwords stolen and sold online. In many cases, people with LinkedIn profiles reuse LinkedIn passwords on work email systems. Click here to look up accounts and learn whether those online sites have fallen victim to known data breaches.
Ransomware. In this especially insidious type of attack, fraudsters hack into a company’s network, gain full administrative control, then deploy ransomware to lock the company’s systems. The hackers demand ransom to unlock the system. Many criminals delete company backups in their initial system penetration.
To combat theses types of cyber risks, SBGP recommends these protective measures:
  • Enable multi-factor authentication on as many accounts as possible.
  • Harden your email spam filter.
  • Create a strong password policy with long passwords.
  • Train your end users.
  • Keep good backups, isolated from your network.
  • Consider cyber insurance.
  • Evaluate security controls of third parties.