Construction companies are the number one target of ransomware according to research by NordLocker. The study showed out of 1,200 companies hit by cyber extortion since 2020, the construction sector was the most vulnerable out of 35 specific industries.
The size of the company doesn't seem to make any difference. An Asia-based construction engineering company with an estimated worth of $20 billion fell victim to a ransomware attack. Small family owned companies also reported being targeted.
Officials say construction companies could be enticing to cyber criminals because construction companies can't afford to be down for long when working on projects.
“This factor, together with the industry’s razor-thin profit margins, provides the ransomware groups with conditions that make a payout more likely," says Oliver Noble, a cybersecurity expert at NordLocker.
"Additionally, the industry could be a tempting target to ransomware gangs because of its relatively traditional business model, which is to a large degree yet to implement advanced cybersecurity solutions," he adds.
Larger companies are the desired target of cyber criminals because payouts are better.
Although ransomware attacks are evolving, Noble provides some easy-to-implement cybersecurity tactics to serve your business as defense:
- Make sure your employees use strong and unique passwords to connect to your systems. Better yet, implement multi-factor authentication.
- Secure your email by training your staff to identify signs of phishing, especially when an email contains attachments and links.
- Implement and enforce periodic data backup and restoration processes. An encrypted cloud might be the most secure solution for this.
- Adopt zero-trust network access, meaning that every access request to digital resources by a member of staff should be granted only after their identity has been appropriately verified.
Other top industries targeted are healthcare, IT, and manufacturing.