Cybersecurity experts are warning about a potential increase in Russia-led cyberattacks following the country’s Feb. 24 invasion of Ukraine, and some say the construction industry could be especially vulnerable, according to www.constructiondive.com.
U.S. officials reportedly are concerned the invasion could spill over into cyberspace and warned businesses, banks and local governments to be vigilant against threats. Raymond Monteith, senior vice president with HUB International Limited’s risk services division, said construction companies should be on high alert.
“Small- and medium-sized enterprises, which contractors often fall into that realm, are among the most targeted organizations, and often that is because they're especially vulnerable to cybersecurity attacks,” Monteith said. “Largely because of a lack of resources, they often don’t have dedicated IT individuals, they don’t have the internal resources that can be focused on building and maintaining and monitoring robust cybersecurity and defensive systems, so they are frequently targets and do have some significant vulnerabilities.”
A recent NordLocker report showed in 2021, construction was the top industry hit by ransomware attacks, a type of program that can steal or encrypt sensitive files and information and demand compensation for their return or safety. Such attacks stem simply from ordinary people clicking a bad link or exposing their information.
“Generally speaking, ransomware and business email compromise are what we would term ‘public enemies No. 1 and 2’ these days,” Monteith said.
Countries are responding to the possibility of increased cyberattacks from Russia. Britain's National Cyber Security Centre and the Chartered Institute of Building launched new guidance for contractors to help them use new technologies safely. The cybersecurity guidance includes avoiding common passwords or using a default password; being careful about what information is posted on social media; and recommending construction firms enable two-factor authentication.
Phil Casto, senior vice president for risk services at HUB International, has recommended additional cybersecurity steps contractors can take, such as training employees; keeping software up to date; disposing of technological assets properly; giving your company an annual cybersecurity checkup; and purchasing a cyber insurance policy.
To help members protect their companies from cybersecurity risks, NRCA is offering a new cyber liability insurance program that provides social engineering and crime risk insurance, as well as cybersecurity prevention services. For more information, contact Andy Metzler at ametzler@bpminsurance.com or (913) 744-2213.
