The 2019 Travelers Business Risk Index shows nearly half of construction executives think their firms will be victims of a cyberattack, but 68% haven’t assessed their risks or prepared a plan, according to www.constructiondive.com.
The index also reported attacks are increasing on businesses of all sizes across industries. The number of large businesses attacked has increased by 73% since 2015, and the number of medium-sized and small businesses attacked increased by 100% and 200%, respectively, during that time.
Attorney Richard Volack, chair of Peckar & Abramson’s cybersecurity and data privacy practice, says phishing-related incidents—sending fraudulent emails to persuade individuals to reveal personal information—have increased during the past five years. Volack says hackers are attacking industries such as construction because hackers can target employees’ personal information and information about companies’ classified plans or specs on government projects.
Volack says hackers find their way into a construction firm’s system by posing as subcontractors and messaging company accountants, claiming to have a new routing number, or by pretending to be an executive and emailing an employee asking for vital information at 4 p.m. on a Friday. And fake emails increasingly are looking more authentic.
Hackers also use ransomware, taking over computer systems of large facilities and demanding payment in exchange for not erasing vital information.
Volack says hackers can use internet-enabled equipment to gain information and take over security cameras and drones. Smaller and medium-sized businesses often are targeted because they have fewer resources to protect themselves and do not plan accordingly.
The study found only 51% of all U.S. businesses surveyed have purchased cybersecurity insurance, and few are implementing important security training and safety measures.
Experts encourage business to protect their information and have an appropriate level of cybersecurity in place. Some helpful steps can include using two-factor authentication for passwords and implementing antivirus software.
