8 main online threats to businesses in the construction industry

Annual report provides insight into threats

Every year, the European Union Agency for Cyber Security (ENISA) examines how cybersecurity is evolving. ENISA maps the current threats and the new attacks we should be wary of in the future. ENISA publishes its findings in the report ‘Enisa Threat Landscape 2022’. We reviewed the information and listed the eight most crucial online security threats of the moment.

1. Ransomware

One of the most well-known – and infamous – threats. A hostage software attack is all about one thing: locking data so that companies can no longer access their business data. Data is only released after companies pay a ransom. Well-known recent examples include the attacks on Royal Mail, the NHS and, more recently, the Guardian newspaper.

2. Malware

Malware is the umbrella term for all software programmes developed to infect computers. Ransomware, viruses, Trojan horses, spyware and keyloggers are examples of malware. Its purpose? To start processes or actions on a device without the user noticing. For example, a Trojan horse opens the back door for other malware, ransomware locks computers, and spyware collects entered passwords or financial data.

3. Social engineering threats

A social engineering attack conveniently exploits human trust, curiosity, and ignorance. This attack thus relies on human behaviour. For example, colleagues receive an e-mail from the Chamber of Commerce asking them to update their company details on the Chamber of Commerce website – obviously a fake website. Or they receive an e-mail from the CEO asking them to make an urgent payment to an unknown bank number quickly. Phishing, WhatsApp, and CEO fraud are well-known social engineering attacks.

4. Threats against Data

This includes all attacks where data is targeted. Sometimes they want to copy access data, manipulate it, and sometimes block access to it. From ransomware to DDoS attacks and deliberate data breaches, they are all threats against data.

5. Threats against availability: denial of service

After ransomware, this is the most common virtual threat today. These DDoS attacks focus on crippling IT systems so that businesses can no longer access them. ENISA notes that DDoS attacks are becoming more complex and are increasingly targeting IoT and mobile networks.

6. Threats against availability: Internet threats

In these attacks, the aim is to block access to the internet. An Internet connection is now required to work, communicate with each other, and keep abreast of what is happening worldwide. The internet has become almost a fundamental right in our modern Western world. This dependence on the internet makes it a favourite target of criminals.

7. Disinformation – misinformation

With the rise of social and online media, news and information reach us through many new channels. Therefore, determining whether the information is correct has become much more difficult. Cybercriminals cleverly exploit these media to spread false information (fake news). They aim to influence public opinion to cause confusion and unrest. According to the National Cyber Security Centre (NCSC), this form of cybercrime is ‘the new normal’ and groups from Russia and China have previously caused difficulties in the UK.

8. Supply chain attacks

A relatively new and rapidly growing threat is the supply chain attack. Cybercriminals try to penetrate the network via an external partner in this variant. ENISA notes that in 2022, IT suppliers became a primary target. The SolarWinds hack by the Russian hacker group Nobilium is a well-known example of a supply chain attack.

Choose a trusted and secure base in the cloud

Unfortunately, online crime is a threat that will not go away. Companies need to pay continued attention to good data security. As a construction, infrastructure, or installation company, it can be a tough job to guard against this. After all, it’s not your business expertise, but you do have to contend with rogue experts.

With Software-as-a-Service solutions (SaaS) from Microsoft, you better arm yourself against unwanted attacks. Security teams at Microsoft work around the clock to best protect Microsoft SaaS products and data centres from the most current threats. Those working with SaaS solutions such as 4PS Construct, specially set up for companies in construction, civil engineering, and installation, automatically work with the most up-to-date and secure software version. Thus, construction companies take full advantage of the extensive security updates that Microsoft continuously adds to the software.

Keep cybercrime on your agenda

Want to know more about working safely in the cloud? What risks surrounding cybersecurity companies in construction, installation and civil engineering should be considered? And above all, what should you do to mitigate the risks? Then download our white paper ‘Online security in construction, civil engineering and installation.’