In the realm of cybersecurity threats facing the construction industry in Australia, ransomware stands out as the most formidable and devastating menace.
Ransomware incidents cost the Australian economy $2.59 billion annually, with an average cost of $250,000 per incident.
The construction industry, in particular, finds itself highly susceptible due to its relatively low level of digitisation and a hurried adoption of technology, which has inadvertently left security vulnerabilities in its wake.
With attacks against construction companies increasing by 15% per year and an average downtime of 23 days, it is imperative that construction businesses prioritise awareness and implement strategies to mitigate the risk of falling victim to ransomware attacks.
So what is ransomware? Put simply, it is malicious software that blocks access to your data until a ransom is paid to a cybercriminal. This insidious threat has evolved over the years, with the latest iterations introducing alarming tactics such as double extortion, where the criminals also steal a copy of your data and threaten to publish it if you don't pay.
How do you protect against such a destructive cybercrime?
1. Robust and monitored backups
Remember, your backups are your last line of defence. If you get hit by ransomware and your backups are safe, you can overwrite the locked files with the untainted copies from your backup. Backups can't be left to run by themselves; they inevitably run into issues from time to time, which is why it is important to have a professional monitor and test them.
Here is a story to illustrate where it can all go wrong.
A medium-sized commercial construction business contacted me for a second opinion after being hit by ransomware. Once hit, they had two options: pay the ransom, or use the backup taken prior to the attack to overwrite the locked files and continue working.
The ransom being asked was around $40,000, so this company, rightly, turned to their backups. Unfortunately, in an effort to save money, they had opted out of professionally monitored backups and instead taken it upon themselves to do the backups manually.
As the problem spiralled, it was discovered that the backups had not been checked properly and, unbeknownst to them, had not been working for three months! Imagine working from files that were three months old. You might as well not have backups in the first place.
To make matters worse, their current IT provider was winding up their business, so there was no help incoming. The only options we could put forward were to scrape the data together using the old backups, talk to their insurer about engaging the cybercriminals to pay the ransom, or see if their data could be decrypted by a digital forensic team.
They were losing tens of thousands of dollars per day, and this could have been avoided if a professional had been ensuring the backups were working. Paying for that service would have cost a fraction of this disaster recovery scenario.
We ended up using the services of a digital forensic team, which cost $20,000 with no guarantee of recovering the data. Fortunately, it mostly worked, and they were back up and running a week later.
So, ask yourself: does your IT provider monitor and maintain your backups? Can they prove the backups are working, and that a tested restore will cover you if you are attacked? These are the direct questions you need to ask; do not assume everything is working fine. I've actually reviewed other IT support companies and, disturbingly, occasionally found backups that were not working or had never been checked!
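The "not working for three months" failure above is exactly what an automated backup health check exists to catch. The following is an added example, not code from the article: it assumes each backup set is a folder holding a `manifest.json` (timestamp plus a SHA-256 per file, written when the backup ran), flags a newest set older than a nightly schedule allows, and re-hashes the files so a backup that ran but wrote garbage is also reported; the layout, threshold and sample data are all constructed.

```python
import hashlib, json, tempfile, time
from pathlib import Path

MAX_AGE_HOURS = 26  # assumption: nightly backups plus an hour of slack


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def check_backup(backup_dir: Path, now: float) -> dict:
    """Report on the newest set: each set is a sub-dir holding manifest.json
    ({"taken_at": unix_time, "files": {"name": "sha256"}}) next to its files."""
    problems = []
    sets = sorted(p for p in backup_dir.iterdir() if (p / "manifest.json").is_file())
    if not sets:
        return {"ok": False, "latest": None, "problems": ["no backup sets found"]}
    latest = sets[-1]
    manifest = json.loads((latest / "manifest.json").read_text())
    age_h = (now - manifest["taken_at"]) / 3600
    if age_h > MAX_AGE_HOURS:  # the backup job has silently stopped running
        problems.append(f"latest backup is {age_h / 24:.0f} days old")
    for name, expected in manifest["files"].items():  # can we actually restore it?
        f = latest / name
        if not f.is_file():
            problems.append(f"missing file: {name}")
        elif sha256_of(f) != expected:
            problems.append(f"checksum mismatch: {name}")
    return {"ok": not problems, "latest": latest.name, "problems": problems}


def demo(age_days: int, corrupt: bool = False) -> dict:
    """Constructed sample: one backup set taken age_days ago, optionally damaged."""
    now = time.time()
    root = Path(tempfile.mkdtemp())
    bset = root / "set-001"
    bset.mkdir()
    payload = b"project-drawings.dwg contents (constructed)"
    (bset / "drawings.dwg").write_bytes(payload)
    manifest = {"taken_at": now - age_days * 86400,
                "files": {"drawings.dwg": hashlib.sha256(payload).hexdigest()}}
    (bset / "manifest.json").write_text(json.dumps(manifest))
    if corrupt:  # simulate a job that ran on schedule but wrote unusable data
        (bset / "drawings.dwg").write_bytes(b"\x00" * len(payload))
    return check_backup(root, now)
```

`demo(90)` reproduces the story (a set three months stale), `demo(0, corrupt=True)` a fresh set that would not restore, and `demo(0)` a healthy one; in practice the report would be raised as a ticket or alert rather than merely returned.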
2. Protect your email
69% of the time, ransomware gets in via email. It makes sense to increase your email security, right?
These days malicious emails are generally well crafted and don't look fake. It's not that hard to be tricked anymore. Email security products remove these malicious emails from your inbox before you have a chance to open them.
There are plenty of options out there that are inexpensive and can stop that heart-sinking moment when someone clicks on the dodgy attachment and nothing is accessible anymore.
If you don’t have an email security product implemented yet, speak to your IT team about it as soon as possible.
3. Protect entry into your servers (Remote Desktop Protocol)
This may not apply to everyone, but for those who have a server everyone logs on to and runs a "session" on to do their work, this advice is important for protecting against ransomware.
You may remember Toll being in the news after being hit by ransomware for a second time. Well, it turns out the attackers likely got in via an unsecured connection to a server. This connection uses a protocol called Remote Desktop Protocol, or RDP for short.
There are many ways to protect against this, and I'm not going to drown you with all the technical commentary about it; however, it is important to note that multi-factor authentication (entering a one-time code along with your password) is a great way to mitigate the risk. Your IT team will explain the various methods available to you, so you can rest easy that your server is safe.
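A server with RDP reachable from the internet gets hammered with password guesses long before anyone notices, which is one reason MFA matters; the added example below (not from the article) shows the defender's-side check, reading a constructed, simplified export of Windows Security log records and flagging any source that racks up repeated failed remote-desktop logons. Event ID 4625 (failed logon) with Logon Type 10 (RemoteInteractive) is how a failed RDP attempt appears in the real log; the five-minute window, the threshold and the record layout are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export: time, event id, logon type, account, source IP.
# Addresses are from the RFC 5737 documentation ranges.
SAMPLE_EVENTS = """\
2024-03-04T02:10:01 4625 10 administrator 203.0.113.45
2024-03-04T02:10:03 4625 10 admin 203.0.113.45
2024-03-04T02:10:04 4625 10 accounts 203.0.113.45
2024-03-04T02:10:06 4625 10 site.manager 203.0.113.45
2024-03-04T02:10:08 4625 10 administrator 203.0.113.45
2024-03-04T02:10:09 4624 10 j.smith 192.0.2.10
2024-03-04T02:30:00 4625 2 j.smith 192.0.2.10
2024-03-04T02:30:05 4625 10 j.smith 192.0.2.10
2024-03-04T02:30:09 4625 10 j.smith 192.0.2.10
"""

THRESHOLD = 5                  # assumption: failed RDP logons per source ...
WINDOW = timedelta(minutes=5)  # ... within this window trigger an alert


def parse(text: str) -> list:
    events = []
    for line in text.splitlines():
        ts, eid, ltype, account, src = line.split()
        events.append({"time": datetime.fromisoformat(ts), "event_id": int(eid),
                       "logon_type": int(ltype), "account": account, "src": src})
    return events


def rdp_bruteforce_alerts(events: list) -> dict:
    """Return {source_ip: {"failures": n, "accounts": [...]}} for each source with
    at least THRESHOLD failed RDP logons (4625 / type 10) inside any WINDOW."""
    by_src = defaultdict(list)
    for e in sorted(events, key=lambda e: e["time"]):
        # 4624 is a successful logon; type 2 is a local console logon: both ignored
        if e["event_id"] == 4625 and e["logon_type"] == 10:
            by_src[e["src"]].append(e)
    alerts = {}
    for src, fails in by_src.items():
        start = 0
        for end in range(len(fails)):  # sliding window over this source's failures
            while fails[end]["time"] - fails[start]["time"] > WINDOW:
                start += 1
            if end - start + 1 >= THRESHOLD:
                window = fails[start:end + 1]
                alerts[src] = {"failures": len(window),
                               "accounts": sorted({e["account"] for e in window})}
    return alerts
```

On the sample, only 203.0.113.45 is reported (five failures across four account names in eight seconds); j.smith's two failed RDP logons and one console failure stay below the threshold, which is the kind of ordinary mistyped-password noise a threshold is there to ignore.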
4. Be Vigilant
You can have all the IT security in the world, but it can't protect you from everything. In the end, all it takes is one person to be tricked or compromised and suddenly you are being asked to pay a ransom to operate again.
Staff training, and even simulations, are a great way to educate staff on the warning signs of ransomware.
We ran a simulation for a client where a fake email was sent out to about 100 staff. It was modelled on a real ransomware email, but only set up to track who clicked on the link inside the email.
Shockingly, about 80% of the staff clicked on the link. If that had been the real deal, ransomware would have crippled the business. On a positive note, this exercise made staff hyper-vigilant about the emails they were seeing, and they took precautions if an email seemed off.
By adopting these four key strategies, construction businesses in Australia can significantly reduce their vulnerability to ransomware attacks. Proactive cybersecurity measures, coupled with employee vigilance, are essential components of the ongoing battle against this ever-evolving cyber threat. Protecting your organisation from ransomware is not just a security measure; it’s a vital step in ensuring business continuity and financial stability.