Hackers Are Targeting Small Construction Companies And Other Invoice-Heavy Businesses
September 17, 2024
From 2023 to 2024, attacks on construction companies doubled, making up 6% of Kroll’s total incident response cases, according to the 2024 Cyber Threat Landscape report from risk-advisory firm Kroll. Experts at Kroll note that the uptick could be driven by how work is carried out in the industry: employees work with numerous vendors, work remotely via mobile devices and operate in high-pressure environments where urgency can sometimes trump security protocols. All of these factors make the construction industry ripe for a cyber-attack.
Ripe For Hackers
Business e-mail compromise (BEC) – fake e-mails designed to trick employees into giving away money or sensitive information – made up 76% of attacks on construction companies, according to Kroll. These e-mails imitate document-signing platforms or invoices to socially engineer users into giving away information.
These tactics are having a higher success rate in smaller construction companies for a few reasons:
Your Industry Could Be Next
Construction companies are not the only ones experiencing more attacks. Small manufacturing companies, higher education institutions and health care providers that lack the robust security infrastructure of larger industry players are also seeing a rise in cyber-attacks. These industries, like construction, deal with numerous vendors and urgent invoices, making them prime targets for business e-mail compromise and invoice fraud.
How To Protect Against BEC And Invoice Fraud
1. Use Multifactor Authentication (MFA)
Accounts that use MFA are 99% less likely to be attacked, according to the Cybersecurity and Infrastructure Security Agency. MFA requires multiple forms of verification before granting access to sensitive information. Even if hackers obtain log-in details, they can’t access accounts without the second credential, typically a mobile device or a biometric scan.
2. Always Verify Supplier Information
One of the simplest yet most effective measures is to verify the authenticity of invoices and supplier information. Establish a protocol where employees are required to double-check the details of any financial transactions directly with the supplier through a known and trusted communication channel, such as a phone call.
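One way to build this verification protocol into an accounts-payable workflow, shown as an added example that is not part of the original article. The record layout, the function names and all sample values (vendor, domain, account and phone number) are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Vendor:            # master record, captured at onboarding via a trusted channel
    email_domain: str
    bank_account: str
    phone_on_file: str

@dataclass(frozen=True)
class Invoice:           # fields taken from the incoming e-mail, all untrusted
    vendor_name: str
    sender: str
    bank_account: str

# Constructed sample data (hypothetical vendor, domain, account and phone number).
MASTER = {"acme concrete": Vendor("acme-concrete.example", "000111222", "+1-555-0100")}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot look-alike sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def canonical(value: str) -> str:
    """Compare account numbers on letters and digits only, ignoring spaces and dashes."""
    return "".join(ch for ch in value if ch.isalnum()).upper()

def review_invoice(inv: Invoice, master=MASTER):
    """Return (decision, reasons, callback_number) for one incoming invoice."""
    vendor = master.get(inv.vendor_name.strip().lower())
    if vendor is None:
        return "HOLD", ["vendor not in master file"], None
    reasons = []
    domain = inv.sender.rsplit("@", 1)[-1].strip().lower()
    if domain != vendor.email_domain:
        close = edit_distance(domain, vendor.email_domain) <= 2
        reasons.append("look-alike sender domain" if close else "sender domain not on file")
    if canonical(inv.bank_account) != canonical(vendor.bank_account):
        reasons.append("bank details differ from master file")
    # The callback number always comes from the master file, never from the e-mail.
    return ("HOLD" if reasons else "PROCEED"), reasons, vendor.phone_on_file
```

A HOLD result means payment waits until someone calls the returned number on file and confirms the invoice with the supplier.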
3. Keep Employees Trained On Common Attacks
Employee training is a vital component of a comprehensive cyber security strategy. Regular training sessions on recognizing social engineering and phishing attempts and understanding the importance of following verification protocols can empower employees to act as the first line of defense. The Information Systems Audit and Control Association recommends cyber security awareness training every four to six months. After six months, employees start to forget what they have learned.
4. Maintain Strong Cyber Security Practices
Cybercriminals regularly exploit outdated software to gain entry into systems. Small businesses can close these security gaps by keeping software up to date. Investing in robust antivirus and anti-malware solutions can help detect and stop attacks before they get into your systems.
You’re A Target, But You Don’t Need To Be A Victim
Hackers are increasingly targeting small, invoice-heavy industries like construction, manufacturing and health care due to their inherent vulnerabilities. By understanding the reasons behind these attacks and implementing robust cyber security measures, small business leaders can protect their organizations from becoming easy targets. Utilizing MFA, maintaining strong cyber security practices, verifying supplier information and training employees are essential to stopping attacks.
For more information on how you can protect your business, give us a call at 888-966-9514 or click here to book your FREE Security Risk Assessment today.
TOSS C3 is the trusted Cyber Technology Services provider in Massachusetts specialized in serving law firms, libraries, local governments, and healthcare providers throughout the USA.