Cyber Attacks on Construction Businesses
We are writing to highlight cyber attacks on construction businesses, a growing issue of alarming concern to the construction industry.
While we’ve consistently highlighted the issue of cyber attacks on Canadian businesses over the past 3-5 years, we have witnessed, in the past several months, a large increase in cyber attacks on contractors in particular, many of which have been successful. Such attacks include cases of “social engineering”, where cyber criminals pose convincingly as business colleagues, vendors, and customers in an effort to fool the organization’s finance employees into misdirecting wire funds. They also include cases of ransom demands, where the hackers successfully freeze the contractor’s IT systems, paralyzing the business and demanding ransom in order to unlock the systems, or as a blackmail payment in return for not posting sensitive company, client, and employee information to the dark web (where it is then accessed by other cybercriminals).
Although dedicated cyber insurance policies can help transfer some of this risk, insurance alone is not a complete solution, for multiple reasons:
First, insurers will only offer cyber insurance (and some specific cyber coverages) to those customers with suitably high cyber security protocols, and even then, will limit certain coverages and apply large deductibles.
Second, insurance cannot completely insulate the contractor from all direct and indirect costs, and the extreme disruption associated with a cyber attack.
These are very serious risks, and cyber crime is, regrettably, a highly sophisticated and thriving global industry. Hackers successfully play the “numbers game” by deploying high-volume automated bots to broadly target businesses, as well as very strategic “sniper” style approaches to target select companies. This is happening with contractors of all disciplines and sizes. We’ve been witness to social engineering claims causing unrecoverable cash wires sent from our clients to cyber criminals, ranging from $25,000 to over $2,000,000. We’ve also been party to ransom demands ranging from hundreds of thousands of dollars to tens of millions.
For those contractors who have not been, and are not, continually engaging with their IT providers to improve their cyber security, we highly recommend you do so, and without delay.
In addition, given that the point of entry in the overwhelming majority of cyber attacks is an unsuspecting employee, educating all employees on how to detect and avoid cyber breaches is a critical security safeguard for all businesses.
At Petrela Winter, all employees must engage in regular, ongoing cyber security awareness training, and we would be pleased to share the details of our online training provider, which we’ve found to be a valuable and cost-effective mitigation tool.
If you would like more information on cyber hacks, or to discuss insurance options (mindful of the view that insurance alone isn’t a cure-all), connect with a PWA advisor.
Contracting businesses must work extremely hard in a highly competitive market to turn a reasonable profit, and for organizations to endeavour to steal their hard-earned capital is offensive to the core. More has to be done politically to pressure governments that harbour such criminal organizations to cooperate in order to kill this industry, so if you have an outlet with your MP, please vocalize it. Every voice counts.
We regret the serious tone of this message but cannot sugarcoat what is an overly concerning trend in our business.
Please be on guard for this risk.