Andrew Avanessian explains why the construction industry is as vulnerable to cyber-attacks as other sectors, particularly to the latest scam known as ‘social engineering’. Because a number of third parties are involved in the construction supply chain, there are numerous routes through which cyber criminals can access a company’s data.
His tips on how to avoid social engineering attacks include: security hygiene, meaning that companies should use strong and unique passwords for all systems and patch software and systems regularly; protecting the keys to the kingdom, meaning that employees should not have any administrator privileges unless they really need them; and layering your defences by adopting a defence-in-depth approach to security and running application control software.
‘Social engineering’ is a tactic in which victims are manipulated into disclosing sensitive information without being aware of it. It typically takes the form of a phishing email that might look as if it comes from a trusted supplier or another third party but is in reality sent by an attacker masquerading as a familiar source. The attacker might trick you into transferring funds to a new account, or simply into opening an attachment that gives them access to the wider corporate infrastructure.
To defend your company against these attacks, educating your employees is not enough. Technical measures should be taken as well. Focus on the basics and you’ll be in a very strong position to defend against internal and external attacks – including those that start within the supply chain.
Legislation aiming to help raise standards in cyber defences is also on its way, with the General Data Protection Regulation coming into force on the 25th of May. This will give the Information Commissioner’s Office much more clout when it comes to dishing out financial penalties, and companies could be fined up to 4% of their turnover or £17.8 million, whichever is higher.