CEG Industry Blog

Opinion: Contractors Should Work Hard to Make Thieves Wannacry

Fri May 19, 2017
Giles Lambert


The worldwide web. Contractors beware. The web is where companies open their arms wide to a world of bad guys. When we connect to the internet, we expose ourselves to something not unlike what a spider spins for a fly. It makes you wannacry.

The “wannacry” ransomware epidemic last week victimized hundreds of thousands of computers in more than 100 countries. The malicious software infects a site, encrypts data, and holds it hostage. If a ransom is paid, the data is restored—or rather the data is supposed to be restored. Bad guys, being bad, don't always keep their word.

Last fall, it was reported that two-thirds of business or public organizations attacked by ransomware end up paying the demanded fee, which seems like a ludicrous response that only encourages data kidnappers to keep on kidnapping. But the fact is, not paying can pin a much bigger loss on a company. Construction contractors are among the more vulnerable targets for ransomware threats because project data held hostage can mean missed deadlines and breached contracts.

According to the latest Verizon Data Breach Investigations Report, there were 50 percent more ransomware attacks in 2016 than the year before, tens of thousands of incidents across the business world. “It's like shooting fish in a barrel,” Verizon senior data security scientist Gabe Bassett says, noting that ongoing inadequate security among contractors gives hackers a low threshold for entry. “The same attacks that worked last year worked this year.”

And probably will work next year, too. So builders remain vulnerable to malicious phishing and malware attacks. Contractors' increasing reliance upon the Internet of Things, which also might be termed the Internet of Thugs, guarantees it. At risk are BIM software and CAD blueprints, accounting departments, project monitoring tools, and heavy equipment telematics. Maliciously disrupting or playfully vandalizing these and other data streams unleashes pain and suffering in the executive suite. Connectivity becomes a curse.

If that isn't bad enough, general contractors face greater risk in the course of a construction project because their online collaboration with less cyber-secure subcontractors opens up additional portals of mischief. So what can be done? There are no cyber security experts in this corner, but there is a consensus out there that three responses are necessary for contractors to protect themselves in 2017:

1) Recognize the threat. Cyber security must be a fundamental part of every business plan. Ways of protecting data on servers and in transmission include encryption to lessen the chance of stolen data being valuable to a thief, and establishing graduated levels of permission through a hierarchical system of entry. Also, chunking data, that is, systematically partitioning it, limits a hacker to a specific area rather than to everything in a system. And, of course, staying current with antivirus and firewall technology is a must. Do not react passively to this threat.

2) Train employees. People are always the weak link. Their safe usage of company devices is essential. Phishing is still how most hackers gain entry. When enticing e-mails are clicked on by a careless employee, big problems can rush in. A strict protocol of acceptable use of laptops, iPads, and phones is the first nontechnological line of defense.

3) Don't concede defeat. It is a wrongful notion that inventors of malicious software are peerless geniuses who can't be outsmarted. They are just crooks and scam artists. Smart and credentialed men and women are working just as hard to outflank and corral the cyber criminals. Good guys have geniuses in their employ, too.

Welcome to the worldwide criminal web. Wannasurvive? Roll up your sleeves. The fight is on.—CEG Blogger