Outsourced IT Support For New York’s Construction Industry

Construction companies in New York face IT hazards other businesses do not.

Construction companies in New York are exposed to unique cybersecurity risks. Outsourcing IT can secure data, financial transactions, and even equipment.

Construction companies face many of the same hazards of day-to-day information technology (IT) management as any other company. Their accounts can be hacked. Their data can be copied. Their financial transactions can be redirected.

But construction companies in Greater New York face some risks in IT management that other kinds of businesses do not. Building plans and proprietary designs can be compromised. This can result in unfair competition in the bidding process. Corrupt data introduced into company computers can lead to egregious errors in costing construction. Cybercriminals can demand ransom for data security and even cause on-site sabotage of machines and equipment.

Just how common is cybercrime in the construction industry?

Construction cybercrime is on the rise.

Data released by cybersecurity software vendor Symantec reveal that one in six construction industry email users gets targeted by phishing. (Phishing is the criminal practice of sending emails that appear to be sent from familiar companies in order to induce recipients to reveal sensitive information. Phishing may attempt to obtain account numbers and passwords, but it may also seek information about the timing of financial transactions.) Symantec estimated that 7.9 percent of all emails received by construction industry managers were attempting to steal or compromise company information.

Cyberthieves prefer to focus their efforts on smaller construction companies. They will target an average of 6 most vulnerable email accounts in companies with 1 to 250 employees, but only an average of 11 vulnerable email accounts in companies that have more than 2500 employees.

The subject lines of phishing emails to construction companies were also tracked by Symantec.

  • 15.7 percent of phishing emails concerned a “bill.”
  • 13.3 percent of phishing emails claimed there had been an “email delivery failure.”
  • 2.4 percent of phishing emails announced that the recipient had an unclaimed package.
  • 1.1 percent of phishing emails claimed to have been sent by a regulatory agency or law enforcement.

Phishing attempts and malware attacks on construction companies were 12 percent higher in 2019 than in 2018.

What kinds of sensitive information are targeted by phishing in the construction industry?

Cyberstalkers case their targets before they attempt to intercept financial transactions.

Cyberthieves may seek to reroute payments to bogus accounts. Their email may appear to have originated with a familiar vendor and list a legitimate expense. Usually sent on a Friday afternoon, these emails go out with the expectation that the company officer who can verify the sender has gone home for the weekend. Typically, the recipient who actually reads the email just wants to take care of the request so they can go home, too. The hacker may even include a message on the lines of ‘”We were hacked so we changed our account, can you please send your payment to this one?’

Another technique that is becoming more common every month is “formjacking.” The hacker inserts malicious code into the server the construction company uses to process financial transactions. The malware extracts account and payment information. Cybercriminals use this information to divert funds into their own accounts.

Ambitious criminals may attempt to intercept wire transfers at the close of escrow. These attacks require detailed information on company transactions gathered from multiple breaches of the construction company’s Internet security.

In 2020, the most common objective of cyberattacks will be to determine the context of financial transactions. Peeking into company operations, cybercriminals can schedule their phishing attempts for the times your company’s financial data is maximally vulnerable. But there is growing interest in hijacking operational and equipment control systems.

Lapses in cybersecurity can send your firm literally crashing down.

Forbes reported that in March 2018, online security researchers Federico Maggi and Marco Balduzzi, both employed by the Japanese cybersecurity firm Trend Micro, persuaded an Italian construction site manager to allow them to attempt to take over his company’s construction crane by remote control. Armed with nothing more than laptops powered by their Volkswagen’s battery, an off-the-shelf wireless hub, and some malicious code, Maggi and Balduzzi attempted to put an idle crane into an active state. To their astonishment, a few seconds later, the crane began to shift from side to side.

The researchers realized their hack had worked. Within a few months, they mastered malicious code for taking over excavators, scrapers, and other large equipment. By the end of 2019, it was obvious that cranes and other construction equipment around the world were hopelessly vulnerable to remote control and the potential for catastrophic damage was very real.

IT Outsourcing

Cyberattacks are no longer all about stealing company secrets and diverting payments. Hackers are no longer limited to stealing company secrets, copying blueprints, breaking into employee compensation records and payroll, and imitating vendor and third-party accounts. Malware can now make a construction company physically as well as fiscally come crashing down. Construction companies are vulnerable to attacks from cybercriminals, industry competitors, disgruntled former employees, and terrorists.

Construction companies need to protect themselves from financial disaster with appropriate bonding and insurance. They also need to prevent attacks with dedicated expertise provided by the right IT outsourcing. Network Outsource is the IT provider that can help your company regain governance over its data.

Network Outsource has been providing IT outsourcing and Internet security to construction firms in the Greater New York area since 1996. Network Outsource can provide security for a great deal more than just emails. Network Outsource can provide you with data security “on the go” for mobile communications that is “always-on” to protect your company from every new generation of cyberthreats. We offer applications designed for the construction industry, management of wireless and broadband, and advanced cybersecurity protocols to address data privacy, phishing attempts, malware, ransomware, phishing, and equipment control issues.

Keep control of your information technology 24/7. Let Network Outsource show you how.