It was 4:00 a.m. on a Sunday when a large construction company noticed there was a problem. The company network and all its systems were locked up by ransomware. This prevented access to the most basic information about job sites, subcontractors and employee information. As a result, they could not notify their customers who expected them on-site on Monday or contact employees to let them know not to show up for work the next day. A ransomware attack had disrupted business to the point that the company could not move forward.
Such a disruption demonstrates exactly why ransomware is so effective for cyber thieves. The effect is immediate, and most, if not all business functions are frozen.
However, the real damage comes with recovery:
- Forensics investigations
- System recovery
- Loss of data
- Impact of privacy breaches
- Loss of revenue
Yes, Even Construction
As this company found out, even construction is targeted by threat actors — perhaps more so than other industries and more than anticipated. Cyber thieves look for vulnerable businesses, ones that may not be targeted for obvious reasons due to their small amounts of personally identifiable information, personal health information or even personal financial information. Due to their perceived low cyber risk, these businesses may not have adequate protections in place or may have outdated systems.
Inadequate or outdated IT infrastructure can turn into a massive misstep – an expensive one – for any construction firm. According to the global Sophos State of Ransomware Report 2021, 31% of industries hit with ransomware attacks were in the construction and property industry. While larger organizations in all industries were most likely to be hit with ransomware, 33% of smaller companies were also attacked. The average payout for such attacks: just under $175,000, with the highest reported payout being $3.2 million. (1) The construction company could not be up and running while locked out of their systems and until the ransom was paid. The ransom demanded upwards of $600,000.
Fortunately for the company, there was a cyber liability policy in place. When they called their insurance carrier, they immediately were put in touch with the appropriate response team, which comprised expert privacy counsel and forensics specialists to determine their response. Without a cyber liability policy in place, the company’s next steps would have been more complex and cost them even more time and money.
Preventing and Preparing
Even with cyber liability coverage, construction firms need to have a solid prevention and response plan in place to address cyberattacks. NFP’s cyber experts recommend educating all employees on cyber risks. With so much business currently being conducted remotely, your staff should know how to identify spoofed emails, phishing attempts, and what types of information should not be shared over email.
Should a phishing attack occur, having your networks segregated can suppress the damage. If a hacker accesses one part of the network, the other would be separate and unreachable if properly segmented. Restricting access to sensitive data, such as HR files or financials, can bring that risk down even further.
Using multi-factor authentication, even in restricted networks, can further increase a company’s ability to halt cyber breaches quickly. Adding a few more layers of security, such as text-generated PINs, security answers, voice recognition authorization, facial or fingerprint scanning can add crucial security steps between your network and anyone trying to access it.
Regularly testing your security is the best way to know how effective it is before any hacker strikes. Also, penetration tests and checking the environment for vulnerabilities can reduce the risk of loss should a breach occur.
One overlooked vulnerability is the software you use. If your organization is still using end-of-life software, segregate it from the rest of your company networks, or consider upgrading to a more secure and supported application. For example, if your company still uses an outdated version of Windows operating system, that should be removed from the main network or replaced with a new version that still receives regular updates and security patches.
Without some form of monitoring, however, hackers could still wreak havoc on your organization. Endpoint detection and response solutions can detect a breach or attempted breaches, which gives your organization a faster response time to avoid or lessen the impact of an attack.
Insuring the Risk
Fortunately, purchasing cyber liability insurance for construction firms is easy. With a few questions answered, your company can receive quotes and bind coverage quickly. Once the policy is in place, your company gains the further benefit of access to many resources that can help prevent and respond to cyberattacks.
In addition, it is paramount to partner with a broker specializing in cyber liability as well as construction, as they are best positioned to help understand the threats your company faces. A cyber construction specialist can connect you with the appropriate resources to proactively prepare for that inevitable risk.
Until a cyberattack hits your organization, it is difficult to understand how debilitating such an attack can be. With systems shut down, access denied across the company, and critical data at risk, your company’s operations come to a standstill. Putting cyber liability insurance in place gives your organization a turnkey approach to lessen the impact of a cyberattack.