Article

How not to become the next cyberattack victim

0 81 Technology

by Peter Caulfield

Progress is a paradox. It opens up our world to multitudes of new possibilities that we didn't think existed. But at the same time it can also enclose us in a host of problems and frustrations that we couldn't have imagined.
How not to become the next cyberattack victim

Take, for example, information technology (IT) in construction.

"If we don't make the best use of IT that enables person-to-person and organization-to-organization cooperation and collaboration, we're more exposed to competition and possible failure," said Helen Goodland, principal of Brantwood Consulting in North Vancouver.

But there's a Catch-22 to this proposition. The digital pipelines that carry all of this valuable information can be opened up and their contents examined, tampered with and stolen.

"The volume of threats has been increasing lately," said Alex Krohn, CEO of GT.Net, a Vancouver computer and network consulting firm.

"There's an arms race going on between competing criminals to hack companies."

Maksim Palgov, a senior information technology support specialist at Omicron Canada, a large integrated construction company, says the number of cyber security threats is growing each day "in geometric progression."

"In the construction industry, there are a lot of back and forth emails between your company and dozens of different sub-trades and developers, and hundreds of attachments get sent daily," said Palgov. "That's where most of the malware is coming from."

Most malicious e-mails come from those sub-trades that don't have strong security technology in place, Palgov says.

The most common cyber threats faced by small- and medium-size construction companies range from small phishing attacks to ransom ware and distributed denial of service attacks.

"It's the bigger firms that have more of a chance of becoming the next victim of hackers," Palgov said.

"The risks are very high. In the last few quarters I've been spending around 70 percent of my time on cyber security, conducting educational sessions for end-users, improving our network security and researching new threats."

Palgov says cyber threats are becoming more complex and dangerous and more difficult to protect against.

"The bad guys are becoming smarter and more creative," he said. "More complex cyber security protection technologies are creating a demand for more aggressive cyber threats, and vice versa. They change their methods and approaches very quickly."

Individuals are vulnerable, too. Identity theft is on the rise, and social media has become one of the favourite ways for cyberattackers to gather someone's personal information and steal their identity.

"That's why you never want to put all your information up there," Palgov said. "By looking at your social media profile, they can build a full-size portrait of you in minutes.  The problem with humanity is that we do it anyway, even though we know it could be very harmful."

Identity theft is almost impossible to recover from, says Vancouver computer consultant Vlad Mayzel of 604-GET-HELP.

"There are no remedies," he said.

"They take all of your personal information to get a loan, a mortgage or a car, and you're on the hook for the money."

Some particularly unscrupulous people will even phone up a victim and inducing him or her to say "yes" during the ensuing conversation. They will then use that magic word to create an audio file that purports to prove the dupe is, in fact, the person responsible for signing for the loan.

Palgov says there are a number of common-sense precautions that a construction company can take to reduce the chances of becoming the next victim of a cyberattack.

"Patching is very important," he said.

"You want to make sure all your servers and workstation have all the latest updates. If you get a hole in the wall of your house, but don't bother to fix it, that can invite some thefts to your house one day."

A second tip is "not cheaping out" on anti-virus security software, firewalls or spam filters.

"By saving $100 you can lose a fortune," Palgov said.

Third, periodically hire a cyber security firm to do a network assessment and conduct a penetration test.

"It should be in your budget if you want to make sure your network is secure," he said.

Last but not least, it is essential for construction companies to make sure their staff understands the dangers posed by hackers.

"This is the number-one priority," Palgov said.

"The user is the weakest link in the company when it comes to cyber security. Very often they will click on links, or open malicious attachments, that lead to a security breach."

Leave a comment

Or register to be able to comment.

Copyright ConstructConnect TM. All rights reserved. "ConstructConnect" is a dba for CMD Holdings.
The following rules apply to the use of this site:
Terms of Use and Privacy Statement