It looked like a routine, harmless email from the organization’s IT consultant reminding employees to change their computer passwords to safeguard against hackers; a fairly standard procedure for companies looking to protect their data and computer systems from an attack with cyber insurance.
The problem was the email wasn’t from the IT consultant, but from malicious hackers who used it to gain access to the organization’s email system. With that access, the hackers began monitoring e-mail traffic to define internal and external relationships, build fraudulent documents to match the general contractor’s documents and, most importantly, identify who was in charge of requesting and sending the wire transfers.
After monitoring the organization’s e-mail traffic, the hackers sent a “spear phish” – a fraudulent e-mail to a specific person. The target was the person whom the hackers identified as being in charge of the wire transfers. The fraudulent e-mail appeared to be an “internal” email from a colleague with a bogus request to change the general contractor’s banking instructions per an attached fraudulent document.
The accounting manager thought nothing of the request and sent two payments – totaling nearly $2 million – to the new bank. A few months later the contractor called and asked why they hadn’t received the two most recent payments. The organization believed it had been prompt with its payments to the general contractor and was shocked to learn they had not been received.
Records showed the payments had indeed been sent to the “new” bank, but the hackers immediately directed the funds into an offshore account and the money was – as they say – in the wind.
Stories of cyberattacks targeting personal data and information are in the news daily and the construction industry is not immune.
With the industry’s adoption of web-based and remote access software management applications, it has become more efficient but also more vulnerable to hackers and cybercriminals. And they are becoming increasingly aggressive – the uptick in ransomware incidents is a prime example – in their tactics and frequency.
Risk & Insurance magazine reported on a Forrester survey showing that more than 75 percent of respondents in the construction, engineering, and infrastructure industries had experienced a cyber-incident within the last 12 months.
Cybercrime is predicted to cost the world an estimated $6 trillion annually by 2021, up from $3 trillion in 2015. This represents the greatest transfer of economic wealth in history, risks the incentives for innovation and investment, and will be more profitable than the global trade of all major illegal drugs combined, according to Cybersecurity Ventures.
This demands that company owners and top management be aggressive and proactive in protecting their financial assets, and it starts with making sure your insurance coverages are working for you.
There is, however, a distinction between the theft of data and information – building blueprints for example – that cybercriminals desire for nefarious purposes and the theft of money or securities.
One is covered under a company’s cyber insurance policy and the other by crime insurance policies that usually cover employee embezzlement or theft. Knowing the distinction between the two – and making sure your company is adequately covered under both – is critical to safeguarding your and your clients’ financial assets.
The example outlined earlier in this article of the financial loss the organization and general contractor suffered did not fall under a traditional cyber insurance policy.
Inconvenience, stress and the loss of information, sense of security and money are just the tip of the iceberg for companies and employees that are victims of hacking and cybercrime. The costs to recover from an incident like this are a lot more than most people think.
According to safeatlast, a security review outfit, the average cost of a ransomware attack on a company is $133,000. This can include a wide array of recovery-related services including legal services, IT contractors to recover lost and corrupted data, credit agency protection and lost production and opportunity time for employees.
A construction company client of Oswald’s recently experienced a ransomware attack that was discovered on a Sunday night at 10 p.m. and completely immobilized the company’s computer system including its email, estimating and accounting software. It spent close to $75,000 to rebuild the database alone.
Construction companies can protect themselves by working with Oswald to review both their cyber and crime insurance coverages to ensure they are protected. Oswald offers a full suite of coverages for companies and budgets both big and small.
Businesses should also have their internal IT staff or contractors perform an audit of their antivirus and computer security software and invest in employee training on how to avoid email phishing scams.
Yes, the investment of resources and time can be significant, but can you afford not to act?