Cybersecurity priority: SCRA Comment June 2021

Companies are doing their best to hustle back to work following the disruption caused by the Covid-19 pandemic, while also embracing tech at record levels. At first glance, both these scenarios seem like overall positives. Yet it is also a crucial time to remind companies across construction and transport to do everything possible to protect their cyber assets.

To put it into context, malware (an abbreviation for malicious software) is a blanket term for trojans, viruses, worms and other harmful computer programs that hackers use to wreak havoc and cause destruction to gain access to sensitive information – and then demand money to remedy.

The ransomware virus that recently infected Colonial Pipeline in the USA, overwhelming its internal computer network and initiating one of the largest disruptions of American critical infrastructure by hackers in history, resulted in a US$5 million payout.

Joel Dandrea points out to businesses that "cybersecurity plans are as fundamental as fire safety plans"

This is a familiar concession that numerous businesses are forced to surrender to in order to salvage operational systems and data, on top of keeping private intellectual property and related proprietary information.

Shocking figures reveal that over half a million types of malware are globally detected on a daily basis. There are currently more than one billion malware programs in circulation, which is growing rapidly.

Statistics show that four companies across the globe fall victim to ransomware attacks every minute. And with the Internet of Things (IoT) rapidly inserting itself into all-things construction and transport, it should be emphasised that three in four infected IoT devices are routers.

An extremely desirable target for hackers, once infected a router can then spread the infection to the local network by infecting dozens of additional devices and basically handcuffing an entire organisation.

How keeping software up to date improves cybersecurity 
Fortunately, we are not completely helpless to prevent cyberattacks. Although it will require an ever-increasing, ever-evolving level of vigilance to stay a step ahead of the cybercrime community.

For starters, train your employees. Experts estimate 88 per cent of data breaches are caused by human error. Employees with little to no background in information security easily succumb to phishing emails, or unknowingly contribute to the distribution of malware.

It is critical to incorporate cybersecurity training with your annual safety training. Make sure to share specific examples, such as tips for handling confidential information, the ways cybercriminals exploit e-mails through phishing links and the proper process for reporting a suspected cybersecurity incident.

In addition, keep software up to date. Your organisation’s data is at greater risk if you are using old software and obsolete applications. It is also wise to use multi-factor authentication (MFA), which adds a layer of security to the login process. One well-known example is the security system used by most banks where a user is required to sign in with a password and a system-generated code that is sent to their mobile phone.

A lot of companies do not dispose of technological assets properly. Laptops, mobile devices or tablets hold valuable company data and must be fully wiped. Even printers and copy machines record data today, so they will need the same treatment.

And practice makes perfect, cybersecurity plans are as fundamental as fire safety plans. You must constantly review and practice, even periodically undergoing audits of your cybersecurity environments to ensure adequate coverage.

It goes without saying in the digital era that you should get yourself a solid cyber-insurance policy. Many construction or transport outfits, especially smaller ones, believe they do not have any real cyber risk so they tend to opt for an insurance policy that blends cyber with professional liability insurance.

You do not want to learn the hard way that the limited coverage offered by these policies is insufficient. The good news is that by managing your cyber risk will make your organisation a more attractive risk to insurers, and an appropriate policy will be more than worth the cost if or when you’ve been compromised.