The time is now to protect your firm from ransomware attacks

Stel Valavanis is the founder and CEO of onShore Security, a Chicago-based cybersecurity firm. Opinions are the author’s own.

Ransomware attacks are one of the biggest cybersecurity threats to U.S. businesses, and the construction industry is not immune. In fact, it was the most commonly attacked industry in 2022, according to research by NordLocker. Government agencies and insurance carriers are no longer waiting for improvements and are instead mandating them as table stakes to do business.

Construction firms need to be vigilant and defense-minded as hackers look for any opportunity to break into their systems, which have become more vulnerable during the pandemic as support for remote and hybrid work has grown. 

To make matters worse, the threat is evolving. Hackers are going after larger, more potentially lucrative targets, through direct attacks as well as by using vendors and partner companies as vectors to gain access.

Construction companies may not think of themselves as likely victims, but from the perspective of cybercriminals, they are the weak point in the wall of defenses surrounding these high-value targets — which puts them squarely in the hacker’s crosshairs. 

This evolution coincides with a change in tactics once the hackers succeed in breaking in, according to CSO. Rather than simply locking the network down with malware and demanding payment to release it, cybercriminals are increasingly downloading sensitive information — such as passwords and financial data — from the victim’s computer or network and threatening to leak it if the ransom is not paid. They may ratchet up the pressure to pay by contacting the victim’s customers and other stakeholders via email or even phone to alert them that the victim has been hacked and their data is compromised. 

The approach gives the attacker even more leverage over the victim, and could potentially inflict more damage than the ransom itself in the form of lost business and reputation. In some documented cases, ransomware gangs are skipping the file encryption altogether and focusing solely on this data extortion scheme.

Government pressure

The pressure on companies is not only from the cybercriminals. Cyber insurance carriers have been drastically increasing premiums and insisting on ever more stringent and costly security measures. Insurers now require clients to employ endpoint detection software and firewalls, conduct regular system updates and audits, implement recovery tools and procedures, and maintain stricter controls such as multi-factor authentication and even full system logging and analysis.

Meanwhile, the Biden administration is weighing a ban on ransom payments, according to Cybersecurity Dive, in order to limit the profitability of attacks for ransomware gangs. A similar proposal is being considered in Australia, per InfoSecurity Magazine. Other measures include increasing legal liability for companies and their boards and even requiring board members to receive training and sign off on cybersecurity posture.

Companies with federal contracts are required under the Department of Defense’s Cybersecurity Maturity Model Certification 2.0 to implement cybersecurity standards in order to protect federal contract information and other controlled data. This requirement applies to vendor management as well.

A construction company may be several steps removed from the actual ransomware attack, but if government contract-related files have been shared with a victimized vendor, the company may still be held liable. And contractors will be passing this liability to their subs.

Take defensive action

In the face of this growing threat, it’s important that companies do what they can to protect their systems from ransomware attacks. Here are three steps to take.

1. Get serious about IT support. It is tempting to keep the IT budget lean and rely on employees to maintain their own machines. But doing so often means security patches and other key updates are never downloaded or installed, progressively leaving more doors open for hackers to try. Hire knowledgeable and reliable IT staff (or a trustworthy contractor) who will be proactive about network maintenance and security.
