From 2023 to 2024, attacks on construction companies doubled, comprising 6% of Kroll’s total incident response cases, according to the 2024 Cyber Threat Landscape report from risk-advisory firm Kroll. In Texas, where the construction industry is booming, experts at Kroll note that the uptick could be driven by how work is carried out in the industry: employees work with numerous vendors, work remotely via mobile devices, and operate in high-pressure environments where urgency can sometimes trump security protocols. These factors make the Texas construction industry ripe for cyber-attacks.
Why Construction Companies in Texas Are Ripe for Hackers
Business email compromise (BEC) — fake emails designed to trick employees into giving away money or sensitive information — made up 76% of attacks on construction companies, according to Kroll. These emails often appear as document-signing platforms or invoices to socially engineer users into giving away information.
These tactics have a higher success rate in smaller construction companies in Texas for several reasons:
- High Vendor Interaction: Texas construction companies work with numerous suppliers and vendors. Each vendor represents a potential weak spot that hackers can exploit. If a hacker gains control of a vendor’s email, they can send fake invoices that appear real, tricking businesses into sending money to the hacker’s account. This scenario presents multiple entry points for hackers across Texas.
- Frequent Mobile Sign-ins: Texas construction employees often rely on mobile devices to sign into accounts and communicate from anywhere. This mobile accessibility, while convenient, increases risk because mobile devices are typically less secure than desktops or laptops.
- High-Stakes, High-Pressure Environments: In Texas, where construction delays can be costly, employees may rush to process invoices or approve transactions without thoroughly verifying their legitimacy. This urgency is precisely what attackers count on to bypass standard security checks.
Your Texas Business Could Be Next
Construction companies are not the only ones experiencing more attacks in Texas. Small manufacturing companies, higher education institutions, and healthcare providers in Texas that lack the robust security infrastructure of larger industry players are also examples of industries seeing a rise in cyber-attacks. These industries, like construction, deal with numerous vendors and urgent invoices, making them prime targets for business email compromise and invoice fraud.
How Texas Businesses Can Protect Against BEC and Invoice Fraud
- Use Multifactor Authentication (MFA): Accounts that use MFA are 99% less likely to be attacked, according to the Cybersecurity and Infrastructure Security Agency. MFA requires multiple forms of verification before granting access to sensitive information. Even if hackers obtain log-in details, they can’t access accounts without the second credential, typically a mobile device or a biometric scan.
- Always Verify Supplier Information: One of the simplest yet most effective measures is to verify the authenticity of invoices and supplier information. Establish a protocol where employees are required to double-check the details of any financial transactions directly with the supplier through a known and trusted communication channel, such as a phone call.
- Keep Employees Trained on Common Attacks: Employee training is a vital component of a comprehensive cybersecurity strategy. Regular training sessions on recognizing social engineering and phishing attempts and understanding the importance of following verification protocols can empower employees to act as the first line of defense. The Information Systems Audit and Control Association recommends cybersecurity awareness training every four to six months. After six months, employees start to forget what they have learned.
- Maintain Strong Cybersecurity Practices: Cybercriminals regularly exploit outdated software to gain entry into systems. Small businesses in Texas can close these security gaps by keeping software up-to-date. Investing in robust antivirus and anti-malware solutions can help detect and stop attacks before they infiltrate your systems.
You’re a Target, But You Don’t Need to Be a Victim
Hackers are increasingly targeting small, invoice-heavy industries like construction, manufacturing, and healthcare in Texas due to their inherent vulnerabilities. By understanding the reasons behind these attacks and implementing robust cybersecurity measures, small business leaders in Texas can protect their organizations from becoming easy targets. Utilizing MFA, maintaining strong cybersecurity practices, verifying supplier information, and training employees are essential steps in stopping attacks.