Lawyer warns firms preparing big project bids face hack risk

Hackers may target construction companies to steal intellectual property or carry out invoice fraud

It is critical to understand the motives behind a cyberattack, a Pinsent Masons expert told Construction Week.
It is critical to understand the motives behind a cyberattack, a Pinsent Masons expert told Construction Week.

Construction companies preparing bids for high-profile projects may be a cyberattack target, a lawyer has warned.

If a breach takes place, it is critical to understand the motives behind an attack, Ian Birdsey, a partner at Pinsent Masons who heads up the law firm’s global cybersecurity and cybercrime team, told Construction Week.

Hackers may want to steal intellectual property, commit invoice fraud, or obtain valuable information about a high-profile project and pass it on to a rival, he said.

READ: Cyberattack strikes Italian EPC contractor Saipem

“It might be that the construction company is working on a very high-profile project [that is] at the bid stage. It might be that a competitor from another country is competing and [the cyberattack] might be to obtain inside information,” he said. 

Pinsent Masons has handled “hundreds and hundreds” of cybersecurity cases so far, according to Birdsey, who spoke to Construction Week after Italian oil and gas contractor Saipem suffered a cyberattack on 10 December, 2018. 

In the event a hack is identified, compliance with the law is critical, Birdsey said.

“You need to understand and comply with all regulatory notification obligations. For example, [the company] might be regulated by a state regulator and so it may have a statutory or regulatory notification obligation. It might have contractual notification obligations.

READ: No data stolen after Saudi, UAE servers of Saipem hacked

“We’ve dealt with a number of incidents where it’s a purely financial motive and the attacker is trying to perpetrate an invoice fraud,” he added.

“You might try to target individuals in the finance team, a junior employee, or even a director. You could try to launch what’s known as a 'man-in-the-middle' attack, where [hackers] essentially change bank details within the process to divert money to [their] bank account.”

“What we see is that the legal issues are at the core of breach responses; so, it’s really important to have legal at the heart of the response to deal with all the kind of issues that arise out of a data breach or security incident.”

Most popular

Awards

CW Oman Awards 2020: Meet the winners
A round of the thirteen winning names at the Construction Week Oman Awards 2020 that

Conferences

Leaders UAE 2020: Building a sustainable, 'resilient' infra
AESG’s Phillipa Grant, Burohappold’s Farah Naz, and Samana's Imran Farooq on a sustainable built environment
CW In Focus | Inside the Leaders in KSA Awards 2019 in Riyadh
Meet the winners in all 10 categories and learn more about Vision 2030 in this

Latest Issue

Construction Week - Issue 767
Sep 01, 2020